Ubuntu
apport package

modified conf file contents attached by apport without asking

Bug #811203 reported by Brian Murray
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apport (Ubuntu)
Fix Released
High
Brian Murray
Oneiric
Fix Released
High
Brian Murray

Bug Description

In apport/hookutils.py there is a function called attach_conffiles which does the following:

        key = 'modified.conffile.' + path_to_key(path)

        if os.path.exists(path):
            contents = open(path).read()
            m = hashlib.md5()
            m.update(contents)
            calculated_md5sum = m.hexdigest()

            if calculated_md5sum != default_md5sum:
                report[key] = contents

So it adds the contents of the conffile without checking with the reporter if this is okay. As I understand it some conffiles can contain passwords so it better if a dialog were raised if the md5sums did not match and the reporter were asked if they want to include the modified file.

Related branches

lp:~brian-murray/ubuntu/oneiric/apport/conffile-handling
Martin Pitt: Approve
Diff: 76 lines (+22/-4) (has conflicts)
3 files modified
apport/hookutils.py (+9/-2)
data/general-hooks/ubuntu.py (+2/-2)
debian/changelog (+11/-0)
lp:~ubuntu-core-dev/ubuntu/oneiric/apport/ubuntu
lp:ubuntu/oneiric/apport
Revision history for this message
Brian Murray (brian-murray) wrote :

The code in question can be found here:

http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu/oneiric/apport/ubuntu/view/head:/apport/hookutils.py#L83

Changed in apport (Ubuntu):
importance: Undecided → High
Brian Murray (brian-murray)
Changed in apport (Ubuntu Oneiric):
status: New → In Progress
assignee: nobody → Brian Murray (brian-murray)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apport - 1.21.2-0ubuntu6

---------------
apport (1.21.2-0ubuntu6) oneiric; urgency=low

  * data/general-hooks/ubuntu.py:
    - In addition to DpkgTerminalLog also check VarLogDistupgradeApttermllog
      for package installation failure messages
    - Also move postrm.d/zz-update-grub errors to grub2
  * apport/hookutils.py:
    - raise a yes no dialog in the event a conffile has been modified
      (LP: #811203)
 -- Brian Murray <email address hidden> Thu, 21 Jul 2011 06:36:04 +0200

Changed in apport (Ubuntu Oneiric):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.