On Wed, Nov 29, 2017 at 02:51:33AM -0500, '[799]' via qubes-users wrote: > Hello Unman, > > >> It's perfectly possible that the installer (not principally written by > >> Qubes) could mistakenly include a passphrase string. > > As far as I have understand, the problem is not that the password is shown, > but that the report with this error mistake and the password could get > transferred. I don't want that my password gets transferred in some part of > an error report. > > >> I've seen similar stuff included in all sorts of error reports in the past. > > This might be true, but this doesn't make this less harmless, if the password > is really bundled in an error report that gets transferered somewhere. > > >> It doesn't mean that Qubes "can't be trusted" > > Wait, it's not (!) about blaming the Qubes team. > If my understanding is correct, and the password is included in an error > report that gets transferred to a 3rd party, this is a really bad thing as > something like this should not happen from my understanding. > > [799] > > >> Also, since this is an installation error, let's not over egg the problem > > - cant be trusted" quote came from your previous comment.
I dont think there's any evidence that the error report DOES get sent to a 3rd party is there? (Qubes? Fedora? NSA?) There are install logs in /tmp which are stored in RAM, and disappear after the installation process ends/aborts. The same would likely appply to this report. In the Fedora documentation there ARE methods described for getting bug reports out of the install process, but they require active intervention from the user (copy to another drive or scp across network). There's no suggestion that these reports would be automatically submitted. I've had a quick look through the code and i dont see any mechanism for passing on bug reports - but it was a very quick look. I havent seen a bug report from anaconda, but looking at the install logs there is material that privacy minded individuals might object to including in there. Until there's some evidence that the bug report is actually sent off the system I continue to think this is over egged. Even if it is transferred to dom0 (IF), it doesnt pose a huge security risk. IF it were copied to unencrypted /boot that would be an issue. But just preparing a report that includes a password doesnt seem in itself to be a major issue. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20171129155956.3xl6w5daevtuwovb%40thirdeyesecurity.org. For more options, visit https://groups.google.com/d/optout.
