RetraceServer security [Re: abrt wishlist]
Jiri Moskovcak
jmoskovc at redhat.com
Tue Dec 14 10:06:43 UTC 2010
On 12/14/2010 03:51 AM, Jan Kratochvil wrote:
> On Thu, 09 Dec 2010 17:10:49 +0100, David Malcolm wrote:
>> Another gratuitous me too, see:
>> https://fedoraproject.org/wiki/Talk:Features/RetraceServer
>
> Detailed description:
> [...] User sends the coredump [...]
>
> Do you intend to make it default for Fedora?
>
- not decided yet, but I'm thinking about something user friendly like
dialog saying:
How do you want to generate the backtrace?
1. Locally (will download XY MB of debuginfo and you need gdb and etc..)
2. I want to use the RS (WARNING!!: will upload the core file which may
contain a sensitive data, but provides a better backtrace)
3. I need to ask my older brother, so cancel the reporting ...
> So far I thought it is not acceptable and in many cases my request in BZ for
> a core dump was refused by a user due to security concerns.
>
- some people won't send it some will.. When I can't reproduce the bug
and user doesn't want to send me the core, then sorry -> CLOSED
INSUFF_INFO what else can you do?
>
> OTOH the system binaries are already provided by the Fedora project and if the
> retrace server infrastructure has the same security as Koji servers the
> security level stays the same.
>
- exactly if we want to get user's private data there is many easier
ways then to build a server and write a special app for it...
But the core definitely won't be uploaded without making sure that user
understands what he is about to upload, as we don't want to get under
the same critic as one of the well known operating system developer :)
Jirka
More information about the devel
mailing list