Bug#1041652: udev: Udev database attached to udev reportbug might contain sensitive information
Michael Biebl
biebl at debian.org
Tue Aug 22 16:11:29 BST 2023
On Fri, 21 Jul 2023 19:31:14 +0200 Michael Büsch
<m at bues.ch> wrote:
> Package: udev
> Version: 254~rc2-3
> Severity: normal
> X-Debbugs-Cc: m at bues.ch
>
> Dear Maintainer,
>
> when reporting a udev bug via reportbug the tool auto-attaches the complete
> udev database dump to the report.
>
> That came as a complete surprise to me. I didn't see any mention of that in the
> report process.
> Nor was there a way to prevent the attachment.
>
> I think auto-attaching the complete udev database is a confidentiality problem.
> The udev database might contain sensitive information that the reporter did not
> want to disclose to the public internet.
>
> Think of LUKS DM names for example. The reporter is free to choose any name for
> them. The reporter might not have thought about the fact that the name can end up
> being posted to the public internet when the reporter chose a name for the DM
> device.
>
> Besides that, the udev database is a very large fingerprint of the hardware
> that the user uses.
> By posting the udev database to the public internet, that hardware is
> permanently associated with the reporter's name. That may be a problem. Think of
> illegal things being done with the hardware after the original reporter sold
> the hardware to somebody else.
>
> Please also keep in mind that not all Debian users live in free countries with
> free speech.
> Associating hardware to people might be a major threat to people in such
> countries. Think of plausible deniability of ownership, for example.
>
> Therefore, my suggestion is:
> - Please make the posting of the udev database optional.
> - Also, please make it obvious that the complete database is posted during the
> process, if the option is chosen. And explain to the reporter what that
> database contains.
>
I posted a MR here:
https://salsa.debian.org/systemd-team/systemd/-/merge_requests/207
The default is to include the information. If you have suggestions for
the wording, please follow up in the MR.
Regards,
Michael
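As an added illustration (not part of this bug report or the linked MR) of what the reporter is concerned about: a small Python check that walks a `udevadm info --export-db` dump, lists the properties that carry user-chosen names or per-unit hardware identifiers, and produces a redacted copy. The key list and the sample dump below are constructed for the example; which properties count as sensitive is a judgement call, so treat the set as a starting point.

```python
# Properties from the udev database that, per the report, can identify a person
# or a specific machine: user-chosen DM/LUKS names and per-unit serial numbers.
# Constructed, illustrative set; extend it for your own threat model.
SENSITIVE_KEYS = {
    "DM_NAME", "DM_UUID", "ID_SERIAL", "ID_SERIAL_SHORT",
    "ID_WWN", "ID_FS_UUID", "ID_FS_LABEL",
}

# Constructed sample in the `udevadm info --export-db` line format:
# "P:" starts a device record, "N:" is the node name, "E:" lines are properties.
SAMPLE_DB = """\
P: /devices/virtual/block/dm-0
N: dm-0
E: DEVNAME=/dev/dm-0
E: DM_NAME=laptop-secrets
E: DM_UUID=CRYPT-LUKS2-0123-laptop-secrets
E: ID_FS_TYPE=ext4

P: /devices/pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0/block/sda
N: sda
E: DEVNAME=/dev/sda
E: ID_MODEL=Example_SSD
E: ID_SERIAL=Example_SSD_ABC123456789
E: ID_SERIAL_SHORT=ABC123456789
"""


def parse_export_db(text):
    """Return {devpath: {property: value}} for each record in an export-db dump."""
    records, current = {}, None
    for line in text.splitlines():
        if not line.strip():          # blank line ends a record
            current = None
            continue
        tag, _, rest = line.partition(": ")
        if tag == "P":
            current = records.setdefault(rest, {})
        elif tag == "E" and current is not None:
            key, _, value = rest.partition("=")
            current[key] = value
    return records


def find_sensitive(text):
    """List (devpath, property, value) triples the reporter should review."""
    hits = []
    for devpath, props in parse_export_db(text).items():
        for key in sorted(props):
            if key in SENSITIVE_KEYS:
                hits.append((devpath, key, props[key]))
    return hits


def redact(text):
    """Return the dump with the values of sensitive properties blanked out."""
    out = []
    for line in text.splitlines():
        if line.startswith("E: "):
            key, sep, _ = line[3:].partition("=")
            if sep and key in SENSITIVE_KEYS:
                line = f"E: {key}=<redacted>"
        out.append(line)
    return "\n".join(out)
```

Running `find_sensitive` on a real dump before it is attached is the review step the report asks for; `redact` keeps the record structure so the dump remains useful for debugging.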