Workaround I used when creating a bug recently is to:
1. Follow the offline bug collection steps described at
https://help.ubuntu.com/community/ReportingBugs#Filing_bugs_when_offline_or_using_a_headless_setup
2. Redact the .apport file. For example:
# Replace USERNAME, HOSTNAME, IP_ADDRESS placeholders, albeit you will have to
escape periods in the IP_ADDRESS. eg. \.
sed -E -e 's/USERNAME/redacted_username/g ; s/HOSTNAME/redacted_hostname/g ;
s/IP_ADDRESS/redacted_ip_address/g' out.apport > out-redacted.apport
# Check it
git diff --color-words out.apport out-redacted.apport
# Check it again
grep -i -P 'USERNAME|HOSTNAME|IP_ADDRESS' out-redacted.apport
3. Raise the bug offline using the command on the wiki link above:
ubuntu-bug out-redacted.apport
The .apport file was observed to contain username, hostname and ip
address, which may be useful to an attacker when enumerating a target's
assets.
In my case, the offending files observed were as follows, where the
offending text within has been replaced with "redacted_" as above,
albeit the content containing the username did not seem to be uploaded
to launchpad:
https://launchpadlibrarian.net/751099730/CurrentDmesg.txt
https://launchpadlibrarian.net/751099753/WifiSyslog.txt
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1676023
Title:
apport leaks hostname
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1676023/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
