[Pkg-systemd-maintainers] Bug#743158: Bug#743158: systemd: sends private information without confirmation
Michael Biebl
biebl at debian.org
Mon Mar 31 10:16:57 BST 2014
Am 31.03.2014 10:07, schrieb Norbert Preining:
> Hi Thijs,
>
> On Mon, 31 Mar 2014, Thijs Kinkhorst wrote:
>>> Sending /etc/fstab without asking the user is not acceptable,
>>> as there might be passwords saved in there.
>>
>> It would help the security team and anyone else not intimately involved
>> with this package if you could indicate more precisely to which
>> functionality you refer here.
>
> Any bug report to systemd attached the files /etc/fstab, which
> might contain network fs (smb, nfs, ..) usernames, passwords, ip-adrs.
>
> The user is not asked whether this file should be sent.
>
> Emails sent are visible on the net which makes potentially
> critical information leaking out.
>
> systemd bug.script should use debconf or whatever to inform the
> user about this fact, and ask permission.
>
Dear Norbert,
can you try the attached bug script, you need to copy it to
/usr/share/bug/systemd
The diff is
diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script
index 23e617a..bbb3f24 100644
--- a/debian/systemd.bug-script
+++ b/debian/systemd.bug-script
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
REPORTBUG_VERSION=$(dpkg-query -f '${source:Version}' -W reportbug)
@@ -29,7 +29,11 @@ if dpkg --compare-versions "$REPORTBUG_VERSION" ge
"6.5.0"; then
echo "$DIR/dsh-enabled.txt" >&3
fi
- echo "/etc/fstab" >&3
+ yesno "Do you want to provide fstab information [Y|n]? " yep
+ if [ "$REPLY" = yep ]; then
+ echo "/etc/fstab" >&3
+ fi
+
echo "-- END ATTACHMENTS --" >&3
else
_header() {
I chose to use Y as default, since /etc/fstab should not usually contain
password information.
Thijs, do you think this is sufficient or should we reword the text?
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
#!/bin/bash
REPORTBUG_VERSION=$(dpkg-query -f '${source:Version}' -W reportbug)
# Depending on whether reportbug is new enough, we either write the output of
# our various commands to a file and attach them to the report (this needs
# reportbug ? 6.5.0) or just write them to the body of the bug report.
if dpkg --compare-versions "$REPORTBUG_VERSION" ge "6.5.0"; then
# We don?t clean up this directory because there is no way to know when
# reportbug finished running, and reportbug needs the files around.
# Given that those are just a couple of kilobytes in size and people
# generally don?t file a lot of bugs, I don?t think it?s a big deal.
DIR=$(mktemp -d)
echo "-- BEGIN ATTACHMENTS --" >&3
# remove highlighting escape codes from systemd-delta output
systemd-delta --no-pager|sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt
echo "$DIR/systemd-delta.txt" >&3
if [ -d /run/systemd/system ]; then
systemctl --no-pager dump >$DIR/systemctl-dump.txt
echo "$DIR/systemctl-dump.txt" >&3
fi
if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt
echo "$DIR/dsh-enabled.txt" >&3
fi
yesno "Do you want to provide fstab information [Y|n]? " yep
if [ "$REPLY" = yep ]; then
echo "/etc/fstab" >&3
fi
echo "-- END ATTACHMENTS --" >&3
else
_header() {
echo "--------------" >&3
echo "$1:" >&3
echo "--------------" >&3
}
_header "systemd-delta"
# remove highlighting escape codes from systemd-delta output
systemd-delta --no-pager|sed "s%\x1b[^m]*m%%g" >&3
if [ -d /run/systemd/system ]; then
echo >&3
_header "systemctl dump"
systemctl --no-pager dump >&3
fi
if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
echo >&3
_header "Contents of /var/lib/systemd/deb-systemd-helper-enabled"
head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >&3
fi
fi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 884 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20140331/4b09dbcf/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list