ABRT frustrating for users and developers

Jan Kratochvil jan.kratochvil at redhat.com
Mon Jan 18 09:53:30 UTC 2010


On Mon, 18 Jan 2010 09:06:13 +0100, Jiri Moskovcak wrote:
> On 01/17/2010 06:49 PM, Camilo Mesias wrote:
> > This is a good point, the users shouldn't really have to install
> > debuginfo for a one-off use. It would be better for a central server
> > or service to have access to all the debuginfo files at all versions.
> > The back end processing of symbol-less backtraces + version info to
> > fully annotated ones could be automated.
> 
> There has been such idea called debugfs, but it was cancelled (don't
> remember the reason), but I agree that would be probably the best
> option, because when user creates the backtrace he needs to install
> the whole debuginfo, but then GDB reads just a few kilobytes.

For various reasons of current debuginfo format + current GDB state GDB will
always read the whole .debug file.  Therefore it (currently) does not make
a difference (in fact it would be slower) to NFS-like access it by some
"debugfs" instead of downloading single .debug file.

Still it may be a difference to download just specific .debug files from
-debuginfo.rpm - either by "debugfs" or by some other .debug download method.
OTOH that has security implications as the .debug files are not signed as the
debuginfo.rpm files are, see:
	https://fedoraproject.org/wiki/Talk:Features/DebuginfoFS#Security

This discussion is about so-called "retrace server" provided at least by
Ubuntu Apport:
	https://wiki.kubuntu.org/Apport#Launchpad-based%20auto-retracer
It has been scratch-made for ABRT but there needs to be done some more bits of
work; it is currently not deployed:
	https://fedorahosted.org/pipermail/crash-catcher/2009-October/000052.html

For the "retrace server" there comes back the question of security by possible
hiding of disclosed information from user (such as hiding a password from
crashed application into the backtrace to make it invisible for approval
before submitting it). With current download of whole -debuginfo.rpm files
signed by Fedora this security problem does not exist. There would be needed
some Fedora-provided signed retrace servers with the same level of trust as
have the signatures on -debuginfo.rpm files.


Regards,
Jan


More information about the devel mailing list