[Bug 1739532] [NEW] apport-collect SHOULD prune out /home/%USER/ from JournalErrors

[fermulator]

Public bug reported:

During https://bugs.launchpad.net/ubuntu/+source/gnome-
shell/+bug/1739525, I ran apport-collect.

I was happy to see that my hostname from the system logs was pruned to
"hostname". Great!

However, there are some logs that complain about /home/FOO user ... we
SHOULD NOT leak a user's $HOME directory contents (a potential list of
local user accounts) into these reports. This MAY be considered as
sensitive information.

The JournalErrors.txt should prune it.

Example of CULPRITS:
{{{
Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]: WARNING:oneconf.hosts:Error 
in loading other_hosts file: [Errno 2] No such file or directory: 
'/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]: WARNING:oneconf.hosts:Error 
in loading other_hosts file: [Errno 2] No such file or directory: 
'/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
}}}

The suggestion here, is simply to also prune out usernames from ANY
"/home/%USER" or "~%USER" type regexes.

** Affects: apport (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport privacy

** Description changed:

  During https://bugs.launchpad.net/ubuntu/+source/gnome-
  shell/+bug/1739525, I ran apport-collect.
  
  I was happy to see that my hostname from the system logs was pruned to
  "hostname". Great!
  
  However, there are some logs that complain about /home/FOO user ... we
  SHOULD NOT leak a user's $HOME directory contents (a potential list of
  local user accounts) into these reports. This MAY be considered as
  sensitive information.
  
  The JournalErrors.txt should prune it.
  
  Example of CULPRITS:
  {{{
  Dec 20 21:39:20 hostname com.ubuntu.OneConf[3069]: 
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file 
or directory: 
'/home/FOO/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
  Dec 20 21:39:33 hostname com.ubuntu.OneConf[18688]: 
WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file 
or directory: 
'/home/BAR/.cache/oneconf/1dfe6d2e52223c637c7bddd900000002/other_hosts'
  }}}
+ 
+ The suggestion here, is simply to also prune out usernames from ANY
+ "/home/%USER" or "~%USER" type regexes.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739532

Title:
  apport-collect SHOULD prune out /home/%USER/ from JournalErrors

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1739532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs