crash reports owned by root not anonymized well
Bug #1743906 reported by
Brian Murray
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Apport |
New
|
Undecided
|
Unassigned | ||
Bug Description
The function anonymize in report.py doesn't do any replacing of the username if the userid is 0, this is problematic as some crash reports are owned by root and subsequently the data collection done for the report is run as root. An example of the username still in the report can be found in JournalErrors.txt attached to bug 1743657.
The corresponding report on my hard drive has the following permissions:
$ ls -lh /var/crash/
total 8.8M
-rw------- 1 whoopsie whoopsie 0 Jan 17 09:22 _bin_cat.
-rw-r----- 1 root whoopsie 877K Jan 16 13:51 dbus.0.crash
To help resolve this issue the function should be modified so it does a replacement of "/home/.*" outside of the uid check or should try to determine the "real" user.
| tags: | added: id-5a5fe47a18ad3379aa0e1b0e |
To post a comment you must log in.
