Entire process's environment attached to bugzillas by ABRT
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Thu Nov 27 23:28:19 UTC 2014
On Thu, Nov 27, 2014 at 07:02:00PM +0100, Jan Kratochvil wrote:
> On Thu, 27 Nov 2014 16:23:57 +0100, Jakub Filak wrote:
> > Do you find 'environ' attachment valuable or is ABRT just publishing personal
> > information?
>
> No but I can imagine in some cases it may be useful.
Is this a problem in practice? I don't recall ever seeing anything
private in the hundreds of abrt traces I looked at.
I checked the enironment of my shell, nothing interesting there, and
I'm not aware of any services using environment variables to pass
authentication data. If anything, the cwd and open fds reveal the most
information, but they are also one of the most useful parts (in my
experience, that is version strings and backtrace followed by open fds).
> Couldn't there be a way to send additional information upon bug assignee's
> request? That would be typically useful with the core files but reporters
> always said they cannot find the core file anywhere.
Actually if the scheme that Jakub is working on is adopted and
coredumps are stored by systemd, they will be available for longer,
and it should often be possible to request a coredump after the fact.
But in general depending on user help after the fact is most often
futile. I wouldn't go there unless actual complaints about exposed
data appear.
Zbyszek
More information about the devel
mailing list