Hi Thijs, On Mon, 31 Mar 2014, Thijs Kinkhorst wrote: > > Sending /etc/fstab without asking the user is not acceptable, > > as there might be passwords saved in there. > > It would help the security team and anyone else not intimately involved > with this package if you could indicate more precisely to which > functionality you refer here.
Any bug report to systemd attached the files /etc/fstab, which might contain network fs (smb, nfs, ..) usernames, passwords, ip-adrs. The user is not asked whether this file should be sent. Emails sent are visible on the net which makes potentially critical information leaking out. systemd bug.script should use debconf or whatever to inform the user about this fact, and ask permission. Norbert ------------------------------------------------------------------------ PREINING, Norbert http://www.preining.info JAIST, Japan TeX Live & Debian Developer GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13 ------------------------------------------------------------------------ -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
