Ubuntu
apport package

submitting crash data with apport-collect

Asked by Eliah Kagan

If Ubuntu package X has crashed, and bug N has a task for package X, and I run "apport-collect N", does that attach data gleaned from the most recent .crash file in package X on my system? https://bugs.launchpad.net/ubuntu/+source/unity-2d/+bug/882300/comments/11 indicates that it does, which I was not aware of, but I figured it would be more appropriate to ask about that here than in bug 882300, since I am not sure the information provided in that comment is incorrect.

If that is the behavior of Apport, wouldn't that be a security problem? After all, bug N may be public, and if apport-collection can attach crash data like registers' contents, stack traces, and core dump files without requiring the user to undertake the explicit step of marking the bug containing the data public, that seems like a lowering of the threshold for undesirable information disclosure.

(Please feel free to answer if you have an answer to the first question but not the second.)

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu apport Edit question
Assignee:
No assignee Edit question
Solved by:
Eliah Kagan
Solved:
Last query:
Last reply:
Revision history for this message
Eliah Kagan (degeneracypressure) said : 		#1

I got the answer: no. Apport does not do this. The attempt to get crash data in bug 882300 this way was, as I had predicted, not successful.