question about uploading of core dumps to generate a backtrace for ABRT

Miloslav Trmač mitr at redhat.com
Thu Aug 14 12:08:46 UTC 2014


----- Original Message -----
> the ABRT team got a request to replace uploading of core dumps
> to the retrace server by providing a fuse-like share with debuginfos [1].
> 
> It would be really nice if the security experts could comment on this.

Not uploading users’ data we don’t need and never use would be a nice security improvement.

The flip side is that the “fuse-like share client” is an attack vector, so the way these files are distributed should be protected (signed, verified etc.) as well as packages in the repositories are.

(Non-security questions:
1) What does this do to the latency of the core dump generation (i.e. is it more data to upload the coredump, or download the debuginfo?), and the likelihood we will collect backtraces?
2) If we are talking about an integrity-verified method of delivering data to the users’ machine, why not just download and install debuginfos from the existing repos?  This might require changing their packaging, perhaps to split ELF debug info and sources, but that’s very likely not as much work as writing a different—essentially—packaging mechanism from scratch.
3) Do you actually need all the complexity of fuse, or just a layer of indirection within gdb?)
     Mirek

