[Pkg-utopia-maintainers] Bug#914799: dbus: Privacy violations: Logs detailed commands and parameters
Josh Triplett
josh at joshtriplett.org
Fri Feb 4 19:57:47 GMT 2022
Package: dbus-daemon
Version: 1.12.20-3
Followup-For: Bug #914799
X-Debbugs-Cc: josh at joshtriplett.org
It seems like there's a potential balance here: logging the command name
(e.g. evince, okular) seems fine, it's the command *parameters* that
represent a potential privacy issue (in the same spirit as "recent
documents").
Yes, comm is readily available to another user or administrator on the
same system at the same time. But that's not the same as being available
to a user or administrator who does not have concurrent access to the
system, as is commonly the case for many single-user systems.
I'm hoping that changing dbus-daemon to only log the command name and
not the arguments would not generate awful bug reports in the other
direction.
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (500, 'testing'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64
Kernel: Linux 5.15.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dbus-daemon depends on:
ii dbus-bin 1.12.20-3
ii dbus-session-bus-common 1.12.20-3
ii libapparmor1 3.0.3-6
ii libaudit1 1:3.0.6-1+b1
ii libc6 2.33-5
ii libcap-ng0 0.7.9-2.2+b1
ii libdbus-1-3 1.12.20-3
ii libexpat1 2.4.4-1
ii libselinux1 3.3-1+b1
ii libsystemd0 250.3-2
dbus-daemon recommends no packages.
dbus-daemon suggests no packages.
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list