question about uploading of core dumps to generate a backtrace for ABRT

Nikos Mavrogiannopoulos nmav at redhat.com
Thu Aug 14 07:36:50 UTC 2014


On Wed, 2014-08-13 at 08:27 -0400, Jakub Filak wrote:
> Hello,
> 
> the ABRT team got a request to replace uploading of core dumps
> to the retrace server by providing a fuse-like share with debuginfos [1].
> It would be really nice if the security experts could comment on this.

I believe that this is primarily a legal compliance and privacy issue
rather than simply a security issue (and that applies to the core dump
sending as well). The concern there is: has the user ever agreed to
provide that information? Can a user explicitly remove the information
that concerns him? (I believe both are requirements under EU directives.)

As for an opinion on the security of this scheme, I don't believe that
you provided any details of its design. The minimum requirements should
be that the information is communicated securely over the wire, so that
only the Fedora project can access the data, and that the data must be
stored in a way that it cannot be used by a third party who stole that
information (e.g., take it offline as soon as possible, or encrypt it
with an HSM that cannot decrypt, or with gpg and a public key, i.e.,
decryption can only be done offline). As I see it, unless we have a good
reason to keep that information, it is mostly a burden to have it
(consider the PR disaster if it gets stolen).

regards,
Nikos
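The last requirement in the reply above, storing the data so that whoever holds the stored copy cannot read it, means in practice that the ingest host holds only a public key and the private key stays on an offline analysis host. The Go program below is an added illustration of that pattern and is not code from ABRT, the retrace server, or this thread. It uses only Go's standard library, with RSA-OAEP wrapping a fresh per-dump AES-256-GCM key in place of gpg; the function names, the `SealedDump` layout and the label string are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedDump is the only thing the ingest server writes to disk: a per-dump
// AES-256 key wrapped to the offline RSA public key, the GCM nonce, and the
// ciphertext. None of these fields lets the ingest host recover the dump.
type SealedDump struct {
	WrappedKey []byte // RSA-OAEP(pub, aesKey)
	Nonce      []byte // AES-GCM nonce, unique per dump
	Ciphertext []byte // AES-GCM(aesKey, dump), authenticated with label as AAD
}

// SealDump runs on the ingest server and needs only the public key. The label
// (assumed here to be a per-deployment string such as a queue name) is bound
// into both OAEP and GCM so a blob cannot be silently re-filed elsewhere.
func SealDump(pub *rsa.PublicKey, dump []byte, label string) (*SealedDump, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	defer zero(key) // the ingest host forgets the data key once it is wrapped

	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, dump, []byte(label))

	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(label))
	if err != nil {
		return nil, err
	}
	return &SealedDump{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenDump runs only on the offline analysis host that holds the private key.
// A wrong key, a wrong label, or a tampered blob all fail here rather than
// yielding garbage, because both OAEP and GCM are authenticated.
func OpenDump(priv *rsa.PrivateKey, s *SealedDump, label string) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, []byte(label))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	defer zero(key)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(label))
}

// zero overwrites key material once it is no longer needed.
func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	// Constructed demo: in a real deployment the key pair is generated on the
	// offline host and only the public half is copied to the ingest server.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	dump := []byte("constructed stand-in for a core dump: secrets, stack, heap")
	sealed, err := SealDump(&priv.PublicKey, dump, "abrt-retrace-queue")
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored %d bytes; plaintext visible on ingest host: %v\n",
		len(sealed.Ciphertext), bytes.Contains(sealed.Ciphertext, []byte("secrets")))
	plain, err := OpenDump(priv, sealed, "abrt-retrace-queue")
	if err != nil {
		panic(err)
	}
	fmt.Println("offline host recovered:", string(plain))
}
```

Only `SealDump` is deployed on the server; `OpenDump` and the private key exist solely on the offline host, which is what makes a stolen copy of the stored blobs useless to whoever takes them, and deleting the private key later retires every blob at once.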



