The .screenrc file format description does indicate that a password can
be set in it
(https://www.gnu.org/software/screen/manual/screen.html#Detach) so it
does appear that in theory this could be a privacy problem.

There are not many bugs filed against Ubuntu's byobu package (just 10
currently) and it doesn't look like any of them have the .screenrc
anyway.  Dropping the inclusion of .screenrc in the apport hook looks
like it wouldn't adversely affect bug collection for this package; the
rare cases where it might be needed could just be handled manually.

The apport hook also includes some general information about the
installed screen binaries.  It looks like there have been some
situations in the past where extraneous screen bits could cause
confusion (e.g. lp #390808 comments #6-9) that may be the reason for
that.  This may be of limited usefulness, but seems of minimal risk.

So, dropping the inclusion of the .screenrc seems like a sensible path
for resolving this issue.

** Changed in: byobu (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1827202

Title:
  Apport hook may expose sensitive information

To manage notifications about this bug go to:
https://bugs.launchpad.net/byobu/+bug/1827202/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
