Use the restricted Librarian for bug attachments
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Launchpad itself | Triaged | Low | Unassigned | |
Bug Description
As I understand it, the original idea to keep security/
This is not the case in practice: Many if not all bugs filed via Apport have bug attachments like CoreDump.gz. People "curious" about core dump or similar data can simply iterate over all URLs like http://
While this may take a long time, it is not impossible. Even worse would be this scenario: If an application dealing with private data "suddenly" (after a "bad" Debian package update, for example) starts to crash quite often, we can expect to get many bug reports filed via Apport. Since the date when the problem starts to appear is known, it is enough to look at any public bug reported around that time to find the first LibraryFileAlias ID that might be related to the "interesting" core dump data.
We should consider using the restricted Librarian for bug attachments, at least those that (may) affect security.
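The iteration over LibraryFileAlias IDs described above leaves a recognisable trace in file-server access logs: one client requesting a long run of consecutive numeric IDs. The following is an added detection sketch, not part of the original report and not Launchpad code; the log line format, the `/<id>/<filename>` path layout and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. The "/<id>/<filename>" layout is hypothetical,
# not the Librarian's documented URL scheme.
SAMPLE_LOG = "\n".join(
    [f"198.51.100.7 GET /{i}/CoreDump.gz 200" for i in range(41000, 41008)]
    + [
        "203.0.113.5 GET /41003/CoreDump.gz 200",
        "203.0.113.5 GET /52990/screenshot.png 200",
        "203.0.113.5 GET /41004/Dependencies.txt 200",
    ]
)

# client, method, path starting with a numeric file ID, HTTP status
LINE_RE = re.compile(r"^(\S+) GET /(\d+)/\S* \d{3}$")


def longest_run(ids):
    """Length of the longest run of consecutive integers in ids."""
    id_set = set(ids)
    best = 0
    for i in id_set:
        if i - 1 not in id_set:  # i is the start of a run
            n = 1
            while i + n in id_set:
                n += 1
            best = max(best, n)
    return best


def find_enumerators(log_text, min_run=5):
    """Map each client to its longest consecutive-ID run, if >= min_run."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen[m.group(1)].add(int(m.group(2)))
    flagged = {}
    for client, ids in seen.items():
        run = longest_run(ids)
        if run >= min_run:
            flagged[client] = run
    return flagged


if __name__ == "__main__":
    for client, run in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {run} consecutive file IDs requested")
```

A normal reader following links from a handful of bugs touches scattered IDs, so the threshold `min_run` separates that pattern from sequential walking; it would need tuning against real traffic.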
Changed in malone: | |
importance: | Undecided → Low |
visibility: | private → public |
I'm hesitant to set an importance on this until there is a fuller assessment of the risk, any requirements for a fix, and the approach outlined here. Abel and I discussed this, and he is going to email the internal LP list to get feedback on the concerns raised here.