Comment 4 for bug 1827202

Robie Basak (racb) wrote :

Sander Bos, thank you for your research and report. I agree that this is a potential privacy leak and it should be fixed, and I appreciate the work you've done in identifying it. However, while your work does identify a worthwhile improvement, I think that calling this a security vulnerability is a stretch, given the following. Please do correct me if I'm factually wrong. The following points are, I believe, objective and not a matter of opinion:

1. The PoC is incomplete since it misses an essential piece. An attacker cannot use it. It doesn't show how an attacker could make the apport hook fire, which is essential for the privacy leak to happen.

2. Apport and whoopsie were designed with privacy leak risks in mind, and always give the user the opportunity to view a report before sending it, in part to ensure that no sensitive information is present. The exception is if automatic crash reporting is enabled, but this is an explicit user opt-in.

3. The user must have had to have placed sensitive data in ~/.screenrc. I understand that users may do this, but it does have to be an explicit user action and is not the default case.

In my opinion, the above three factors make it questionable that this is a security vulnerability at all. If it is, it certainly has an exceedingly low severity. We don't currently see any reports where these three things have come together.

Nevertheless, I agree that it makes sense to adjust the apport hook to avoid attaching ~/.screenrc. Certainly if one of the factors above turned out to be less of a barrier, making this change now would mitigate that future vulnerability. Thank you again for bringing this to our attention.