the WifiSyslog apport hook (used in firefox/tb) includes SSID informations
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apport (Ubuntu) |
Won't Fix
|
Undecided
|
Brian Murray | ||
firefox (Ubuntu) |
Fix Released
|
High
|
Olivier Tilloy | ||
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
thunderbird (Ubuntu) |
Fix Released
|
Undecided
|
Olivier Tilloy |
Bug Description
When I apport-bug certain packages such as firefox for example, it uploads the WifiSyslog.txt file.
The WifiSyslog may contain a list of all system connections enumerated in /etc/NetworkMan
Should either remove WifiSyslog as a requirement for packages that don't need it (should I report this to https:/
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: apport 2.20.9-0ubuntu7.4
ProcVersionSign
Uname: Linux 4.15.0-38-generic x86_64
ApportLog:
ApportVersion: 2.20.9-0ubuntu7.4
Architecture: amd64
CrashReports: 640:1000:
CurrentDesktop: ubuntu:GNOME
Date: Fri Nov 2 11:24:20 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2018-09-12 (50 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
PackageArchitec
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: apport
UpgradeStatus: Upgraded to bionic on 2018-09-28 (34 days ago)
Related branches
information type: | Private Security → Public Security |
summary: |
- apport uploading WifiSyslog to public bug reports is a major privacy - risk + the WifiSyslog apport hook (used in firefox/tb) includes SSID + informations |
Changed in firefox (Ubuntu): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in firefox (Ubuntu): | |
status: | New → In Progress |
status: | In Progress → Fix Committed |
importance: | Undecided → High |
tags: | added: rls-ee-incoming |
Changed in thunderbird (Ubuntu): | |
assignee: | nobody → Olivier Tilloy (osomon) |
tags: | removed: rls-ee-incoming |
tags: | added: cscc |
Changed in thunderbird (Ubuntu): | |
status: | New → Fix Committed |
Thank you for your bug report, that indeed seems an issue
What apport does is provide a 'attach_wifi' that includes 'WifiSyslog' ] = recent_ syslog( re.compile( r'(NetworkManag er|modem- manager| dhclient| kernel| wpa_supplicant) (\[\d+\ ])?:')) "
" report[
Some though
- the n-m stack should probably not include those info in syslog/journal by default
- the apport hook should anonymize the log in that such info are there
- firefox/tb uses that function, maybe that's not needed?