Lenoid, Thanks for sending the proposal to the mailing list. This is pretty thorough proposal and I hope others will chime in and provide you some feedback.
I would request you to enter this in JIRA (https://bugs.tizen.org/jira/browse/PTF) so that we can track this feature and evaluate it for Tizen 3.0. Please note we are in the process of getting all the features into JIRA at this time. Thanks Sunil -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Leonid Moiseichuk Sent: Tuesday, November 19, 2013 12:51 AM To: Kok, Auke-jan H Cc: [email protected] Subject: Re: [Dev] Crash Reporting proposal for Tizen Hi Auke, I have added your statements in requirements. See refreshed version 0.12. Couple of extra comments below. Thanks for your inputs, Leonid -----Original Message----- From: Kok, Auke-jan H [mailto:[email protected]] Sent: 19 November 2013 00:07 ... > - any form of input device data is privacy-sensitive. Touches on the screen could reveal unlock patterns, keys typed on the virtual keyboard, etc.. Yep, this part already removed. > - proc is loaded with privacy-sensitive data, and even > security-sensitive data, so it should (1) be specified and (2) restricted to only specific proc files that do not contain privacy-sensitive data. Example: /proc/mounts > may contain the label of a SD card that was inserted. The information about mounts available for any process, so even Chromium can upload it somewhere. From practical point of view df -k contains much interesting information. I think we should be sane with level of security to prevent it affecting system fixing. Anyhow we always can have files blacklist to prevent uploading them. > - most of the system logs contain way too much privacy sensitive information to be passed around. This problem is exaggerated by the sheer volume of debug information printed by some of the apps. Someone pointed that dlog makes filtering. We can re-use this part of code. But if some application share PINs/passwords in syslog - that is clear bug in application. We can upload just logs for crashed PID, but for analysis it is not so useful in all cases and usually it is done on server side. > - any data sent to a server should be SSL encrypted and do proper certificate verification. Yep. > The design is very inclusive - you're trying to capture everything, > that also means you'll have to assure that all of that is properly filtered and selected before sending anything out. If you reduce the amount of > things you collect, you will have an easier time doing that. Correct. I tried to cover "an ideal crash reporter", not all features will be implemented immediately, it depends from later plans we should do based on features prioritizing. Cheers, Auke On Mon, Nov 18, 2013 at 7:24 AM, Leonid Moiseichuk <[email protected]> wrote: > Hello again, > > One week passed for Crash reporting proposal. > The new version contains implements "security hardening" changes: > - no user input collected > - no application-specific shell executed > - all application-specific files must be readable from application > UID/GID to be added into report > > See attached files and you are welcome with more comments . > Let's introduce deadline 25-Nov-2013 and if no changes introduced the > version will be a community reviewed "working proposal". > > Best Wishes, > Leonid > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Leonid Moiseichuk > Sent: 14 November 2013 10:25 > To: [email protected] > Subject: [Dev] Crash Reporting proposal for Tizen > > Hello, > > I am happy to present Crash Reporter idea based on number available > versions in publicity. > It might be part of Tizen 3.0 if we agreed on approach. > > I recommend to start from architecture document and look into > requirements if you need technical details. > Please don't hesitate to share your opinion here or by email to me. > Any constructive critics are welcome. > > --- > Leonid Moiseichuk > Tizen Open Source Software engineer > Finland Research Institute - Branch of Samsung Research UK Falcon > Business Park, Vaisalantie 4, 02130 Espoo, Finland > [email protected] | > Mobile: +358 50 4872719 > > > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
