On 31.03.2014 10:07, Norbert Preining wrote:
> Hi Thijs,
>
> On Mon, 31 Mar 2014, Thijs Kinkhorst wrote:
>>> Sending /etc/fstab without asking the user is not acceptable,
>>> as there might be passwords saved in there.
>>
>> It would help the security team and anyone else not intimately involved
>> with this package if you could indicate more precisely to which
>> functionality you refer here.
>
> Any bug report to systemd attached the files /etc/fstab, which
> might contain network fs (smb, nfs, ..) usernames, passwords, ip-adrs.
>
> The user is not asked whether this file should be sent.
>
> Emails sent are visible on the net which makes potentially
> critical information leaking out.
>
> systemd bug.script should use debconf or whatever to inform the
> user about this fact, and ask permission.
>
Dear Norbert, can you try the attached bug script, you need to copy it to /usr/share/bug/systemd The diff is diff --git a/debian/systemd.bug-script b/debian/systemd.bug-script index 23e617a..bbb3f24 100644 --- a/debian/systemd.bug-script +++ b/debian/systemd.bug-script @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash REPORTBUG_VERSION=$(dpkg-query -f '${source:Version}' -W reportbug) @@ -29,7 +29,11 @@ if dpkg --compare-versions "$REPORTBUG_VERSION" ge "6.5.0"; then echo "$DIR/dsh-enabled.txt" >&3 fi - echo "/etc/fstab" >&3 + yesno "Do you want to provide fstab information [Y|n]? " yep + if [ "$REPLY" = yep ]; then + echo "/etc/fstab" >&3 + fi + echo "-- END ATTACHMENTS --" >&3 else _header() { I chose to use Y as default, since /etc/fstab should not usually contain password information. Thijs, do you think this is sufficient or should we reword the text? Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
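Review bot: The shebang change in the first hunk (-#!/bin/sh, +#!/bin/bash) is unexplained, and nothing in the added lines needs bash: the yesno call and the test [ "$REPLY" = yep ] are plain POSIX sh syntax. If bash is required because of where yesno comes from, say so in a comment or in the commit message; otherwise keep /bin/sh.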
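Review bot: In the second hunk the prompt "Do you want to provide fstab information [Y|n]? " does not tell the user why they are being asked, and the default passed to yesno is yep, so pressing Enter still attaches /etc/fstab. The report this patch answers is about credentials for network filesystems ending up in a publicly visible bug mail, so the prompt should say that the file may contain usernames and passwords and that the report is public, and a default of no would be the safer choice. yesno is also not defined anywhere in this script; a short comment naming the helper it relies on would make the dependency clear.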
#!/bin/bash

REPORTBUG_VERSION=$(dpkg-query -f '${source:Version}' -W reportbug)

# Depending on whether reportbug is new enough, we either write the output of
# our various commands to a file and attach them to the report (this needs
# reportbug ≥ 6.5.0) or just write them to the body of the bug report.
if dpkg --compare-versions "$REPORTBUG_VERSION" ge "6.5.0"; then
    # We don’t clean up this directory because there is no way to know when
    # reportbug finished running, and reportbug needs the files around.
    # Given that those are just a couple of kilobytes in size and people
    # generally don’t file a lot of bugs, I don’t think it’s a big deal.
    DIR=$(mktemp -d)

    echo "-- BEGIN ATTACHMENTS --" >&3
    # remove highlighting escape codes from systemd-delta output
    systemd-delta --no-pager|sed "s%\x1b[^m]*m%%g" >$DIR/systemd-delta.txt
    echo "$DIR/systemd-delta.txt" >&3

    if [ -d /run/systemd/system ]; then
        systemctl --no-pager dump >$DIR/systemctl-dump.txt
        echo "$DIR/systemctl-dump.txt" >&3
    fi

    if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
        head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >$DIR/dsh-enabled.txt
        echo "$DIR/dsh-enabled.txt" >&3
    fi

    yesno "Do you want to provide fstab information [Y|n]? " yep
    if [ "$REPLY" = yep ]; then
        echo "/etc/fstab" >&3
    fi

    echo "-- END ATTACHMENTS --" >&3
else
    _header() {
        echo "--------------" >&3
        echo "$1:" >&3
        echo "--------------" >&3
    }

    _header "systemd-delta"
    # remove highlighting escape codes from systemd-delta output
    systemd-delta --no-pager|sed "s%\x1b[^m]*m%%g" >&3

    if [ -d /run/systemd/system ]; then
        echo >&3
        _header "systemctl dump"
        systemctl --no-pager dump >&3
    fi

    if [ -d /var/lib/systemd/deb-systemd-helper-enabled ]; then
        echo >&3
        _header "Contents of /var/lib/systemd/deb-systemd-helper-enabled"
        head -n100 $(find /var/lib/systemd/deb-systemd-helper-enabled -type f | tr '\n' ' ') >&3
    fi
fi
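The concern raised in this thread is that /etc/fstab can carry usernames and passwords for network filesystems into a public bug mail. The following is an added example, not part of the thread or of the systemd bug script, showing one way to mask such options before a copy is attached. It assumes the mount.cifs option spellings username=/user= and password=/pass=; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: mask credential-bearing mount options before an fstab copy
# is attached to a public bug report. Not part of the systemd bug script.

# Print the file named in $1 with the values of the mount.cifs options
# username=/user= and password=/pass= replaced by REDACTED. Comment lines
# are passed through unchanged; the bare "user" option (no "=") is untouched.
redact_fstab() {
    sed -E '/^[[:space:]]*#/!s/(^|,|[[:space:]])(username|user|password|pass)=[^,[:space:]]*/\1\2=REDACTED/g' "$1"
}

# Succeed (exit 0) if a non-comment line carries an inline password option.
fstab_has_secrets() {
    grep -v '^[[:space:]]*#' "$1" | grep -Eq '(^|[,[:space:]])(password|pass)='
}

# Constructed sample input (hypothetical hosts and credentials).
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
# /etc/fstab: constructed sample
UUID=0000-0000 / ext4 errors=remount-ro 0 1
//fileserver.example/share /mnt/share cifs username=alice,password=s3cret,uid=1000 0 0
fileserver.example:/export /mnt/nfs nfs rw,user,noauto 0 0
EOF

if fstab_has_secrets "$SAMPLE"; then
    echo "inline password found; attaching a redacted copy only" >&2
fi
redact_fstab "$SAMPLE"

# In the bug script the redacted copy would be attached instead of /etc/fstab:
#   redact_fstab /etc/fstab >"$DIR/fstab.txt"
#   echo "$DIR/fstab.txt" >&3
```

Host names and addresses in the device field are left as they are; masking those would need a separate rule.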