[Pkg-utopia-maintainers] Bug#914799: dbus: Privacy violations: Logs detailed commands and parameters

[Josh Triplett]

Package: dbus-daemon
Version: 1.12.20-3
Followup-For: Bug #914799
X-Debbugs-Cc: josh at joshtriplett.org

It seems like there's a potential balance here: logging the command name
(e.g. evince, okular) seems fine, it's the command *parameters* that
represent a potential privacy issue (in the same spirit as "recent
documents").

Yes, comm is readily available to another user or administrator on the
same system at the same time. But that's not the same as being available
to a user or administrator who does not have concurrent access to the
system, as is commonly the case for many single-user systems.

I'm hoping that changing dbus-daemon to only log the command name and
not the arguments would not generate awful bug reports in the other
direction.


-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64

Kernel: Linux 5.15.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages dbus-daemon depends on:
ii  dbus-bin                 1.12.20-3
ii  dbus-session-bus-common  1.12.20-3
ii  libapparmor1             3.0.3-6
ii  libaudit1                1:3.0.6-1+b1
ii  libc6                    2.33-5
ii  libcap-ng0               0.7.9-2.2+b1
ii  libdbus-1-3              1.12.20-3
ii  libexpat1                2.4.4-1
ii  libselinux1              3.3-1+b1
ii  libsystemd0              250.3-2

dbus-daemon recommends no packages.

dbus-daemon suggests no packages.

-- no debconf information