[Pkg-systemd-maintainers] Bug#743158: systemd: sends private information without confirmation
Norbert Preining
preining at logic.at
Mon Mar 31 09:07:35 BST 2014
Hi Thijs,
On Mon, 31 Mar 2014, Thijs Kinkhorst wrote:
> > Sending /etc/fstab without asking the user is not acceptable,
> > as there might be passwords saved in there.
>
> It would help the security team and anyone else not intimately involved
> with this package if you could indicate more precisely to which
> functionality you refer here.
Any bug report to systemd attached the files /etc/fstab, which
might contain network fs (smb, nfs, ..) usernames, passwords, ip-adrs.
The user is not asked whether this file should be sent.
Emails sent are visible on the net which makes potentially
critical information leaking out.
systemd bug.script should use debconf or whatever to inform the
user about this fact, and ask permission.
Norbert
------------------------------------------------------------------------
PREINING, Norbert http://www.preining.info
JAIST, Japan TeX Live & Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
------------------------------------------------------------------------
More information about the Pkg-systemd-maintainers
mailing list