Somewhat urgent privacy concern

Jan Claeys lists at
Mon Aug 31 02:59:08 BST 2009

On Saturday 29-08-2009 at 18:14 [timezone +0200], Arand wrote:
> This comes about since U1's crash reports contain a list of all the
> U1 files and folders of the reporting user (LP: 419895), AND that
> those attachments are not removed when the bug is marked as a
> duplicate and made public by the apport retracing service (LP:
> 419929).

IMO this behaviour is not only a privacy issue, but also a possible
security issue:

It means that the details of a known crasher bug (and thus a possibly
exploitable condition) are publicly available; wannabe attackers can
scan for recent LP bugs that are marked as duplicates after an apport

Let's say that LP makes things a little bit easier for malicious people
this way...

Jan Claeys
