Ubuntu
apport package

attach_hardware() should hide disk labels for privacy

Bug #394411 reported by Fred
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
Fix Released
Medium
Marco Rodrigues

Bug Description

Binary package hint: kerneloops

When kerneloops uploads data to launchpad, it includes two files UdevDb.txt and UdevLog.txt which contains the name of the users partition/volume labels.

Example:

-- UdevDb.txt --
S: disk/by-path/pci-0000:00:1f.2-scsi-0:0:0:0-part1
S: disk/by-label/porno

-- UdevLog.txt --
ID_FS_LABEL=porno
ID_FS_LABEL_ENC=porno
ID_FS_TYPE=ntfs
ID_FS_USAGE=filesystem

Tags: privacy
Revision history for this message
James Westby (james-w) wrote :

It's the linux source package hook shipped by apport that adds this information.

Thanks,

James

affects: kerneloops (Ubuntu) → linux (Ubuntu)
affects: linux (Ubuntu) → apport (Ubuntu)
Martin Pitt (pitti)
summary: - kerneloops should hide disk labels for privacy
+ attach_hardware() should hide disk labels for privacy
Changed in apport (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Marco Rodrigues (gothicx)
Changed in apport (Ubuntu):
status: Triaged → Confirmed
tags: removed: kerneloops
Marco Rodrigues (gothicx)
Changed in apport (Ubuntu):
assignee: nobody → Marco Rodrigues (gothicx)
status: Confirmed → In Progress
Marco Rodrigues (gothicx)
Changed in apport (Ubuntu):
status: In Progress → Confirmed
Revision history for this message
Martin Pitt (pitti) wrote :

Merged into trunk r1630, thanks Marco!

Changed in apport (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 1.9.4-0ubuntu1

---------------
apport (1.9.4-0ubuntu1) lucid; urgency=low

  [ Marco Rodrigues ]
  * etc/default/apport: Replace the old init.d force_start command by
    the Upstart one.
  * debian/apport.upstart: If $force_start=1 is given then run the job.
  * debian/local/apport-collect: Don't collect information if bug is a
    duplicate. (LP: #471429)

  [ Martin Pitt ]
  * New upstream bug fix release:
    - Fix crash when ExecutablePath isn't part of a package. (LP: #424965)
    - hookutils.py, attach_hardware(): Anonymize disk labels. Thanks to Marco
      Rodrigues. (LP: #394411)
    - hookutils.py, attach_wifi(): Anonymize encryption key (which appeared in
      hex when being called as root). Thanks to Marco Rodrigues. (LP: #446299)
    - launchpad.py: If unset, set bug task source package also for interpreter
      crashes.
    - apport-gtk: Give details window a minimize/maximize button, which were
      missing in some window managers. Thanks to Marien Zwart. (LP: #447749)
    - apport-kde: Properly terminate program after closing the last dialog.
      (LP: #458662)
    - hookutils.py, attach_alsa(): Attach /proc/asound/version. (LP: #467233)
    - general-hooks/generic.py: Only collect ~/.xsession-errors bits when we
      have an ExecutablePath linked to libgtk.
  * debian/control: Update Vcs-Bzr: for lucid branch.
  * data/package-hooks/source_linux.py: Add interactive questionaire, thanks
    Leann Ogasawara! (LP: #444672)
 -- Martin Pitt <email address hidden> Fri, 06 Nov 2009 14:06:52 +0100

Changed in apport (Ubuntu):
status: Fix Committed → Fix Released
Fred (eldmannen+launchpad)
tags: added: privacy
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.