Bug#897388: Logs accessed files, etc. to syslog

2018-05-02 Thread Maximiliano Curia 

Control: forwarded -1 https://phabricator.kde.org/D12656

I'm not sure if bts link supports phabricator, let's see how this goes.

¡Hola Anthony!

El 2018-05-01 a las 18:01 -0400, Anthony DeRobertis escribió:

Package: kactivitymanagerd
Version: 5.12.1-1
Severity: important



Similar (but nowhere near as bad as) bug #805399, ActivityManager is
logging files I access to the systemd journal & syslog. Some examples:



while hopefully the database itself is in my home director and
mode go-rw, the same can't be said for syslog and journal. This violates
user privacy on a multi-user system as the sysadmin is expected to read
syslog, but respect the privacy of $HOME. In addition, syslog and
journal are available to members of group adm, who may not have root.



From the journal, it appears that kactivymanagerd may be speweing this
to stdout, which is ultimately being picked up by systemd (I think
that's what _TRANSPORT of stdout means):


Upstream already accepted a patch for this, so it would be solved in the next 
release.


Happy hacking,
--
"Seek simplicity, and distrust it." -- Whitehead's Rule
Saludos /\/\ /\ >< `/


signature.asc
Description: PGP signature

Processed: Re: Bug#897388: Logs accessed files, etc. to syslog

2018-05-02 Thread Debian Bug Tracking System 
Processing control commands:

> forwarded -1 https://phabricator.kde.org/D12656
Bug #897388 [kactivitymanagerd] Logs accessed files, etc. to syslog
Set Bug forwarded-to-address to 'https://phabricator.kde.org/D12656'.

-- 
897388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897388
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#897388: Logs accessed files, etc. to syslog

2018-05-01 Thread Anthony DeRobertis 
Package: kactivitymanagerd
Version: 5.12.1-1
Severity: important

Similar (but nowhere near as bad as) bug #805399, ActivityManager is
logging files I access to the systemd journal & syslog. Some examples:

May  1 16:43:33 Zia org.kde.ActivityManager[4152]: Creating the cache for:  
"applications:tora.desktop"
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: Already in database?  true
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:   First update :  
QDateTime(2016-10-11 13:24:44.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:Last update :  
QDateTime(2018-05-01 14:48:00.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: After the adjustment
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:  Current score :  4.5649
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:   First update :  
QDateTime(2016-10-11 13:24:44.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:Last update :  
QDateTime(2018-05-01 14:48:00.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: Interval length is  0
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:  New score :  5.5649
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: ResourceScoreUpdated: 
"beff6de3-1dc1-42b8-ab3d-2510f77b2ddf" "org.kde.krunner" 
"applications:tora.desktop"
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: Creating the cache for:  
"/mnt/Haruhi/netadmin/HPM Retention Comparison EXPORT.pdf"
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: Already in database?  true
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:   First update :  
QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:Last update :  
QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: After the adjustment
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:  Current score :  0
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:   First update :  
QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:Last update :  
QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: Interval length is  21
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:  New score :  0.35
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: ResourceScoreUpdated: 
"beff6de3-1dc1-42b8-ab3d-2510f77b2ddf" "okular" "/mnt/Haruhi/netadmin/HPM 
Retention Comparison EXPORT.pdf"

while hopefully the database itself is in my home director and
mode go-rw, the same can't be said for syslog and journal. This violates
user privacy on a multi-user system as the sysadmin is expected to read
syslog, but respect the privacy of $HOME. In addition, syslog and
journal are available to members of group adm, who may not have root.

From the journal, it appears that kactivymanagerd may be speweing this
to stdout, which is ultimately being picked up by systemd (I think
that's what _TRANSPORT of stdout means):

{
   "_EXE" : "/usr/bin/dbus-daemon",
   "_GID" : "1000",
   "__CURSOR" : "[[redacted]]",
   "_SYSTEMD_OWNER_UID" : "1000",
   "_COMM" : "dbus-daemon",
   "_UID" : "1000",
   "_SYSTEMD_CGROUP" : 
"/user.slice/user-1000.slice/user@1000.service/dbus.service",
   "_MACHINE_ID" : "[[redacted]]",
   "_HOSTNAME" : "Zia",
   "_SYSTEMD_USER_SLICE" : "-.slice",
   "_BOOT_ID" : "[[redacted]]",
   "MESSAGE" : "Creating the cache for:  \"/mnt/Haruhi/netadmin/HPM Retention 
Comparison EXPORT.pdf\"",
   "__MONOTONIC_TIMESTAMP" : "1231383365390",
   "_CAP_EFFECTIVE" : "0",
   "_SYSTEMD_INVOCATION_ID" : "[[redacted]]",
   "__REALTIME_TIMESTAMP" : "1525210358022301",
   "_CMDLINE" : "/usr/bin/dbus-daemon --session --address=systemd: --nofork 
--nopidfile --systemd-activation --syslog-only",
   "_TRANSPORT" : "stdout",
   "SYSLOG_IDENTIFIER" : "org.kde.ActivityManager",
   "_SYSTEMD_USER_UNIT" : "dbus.service",
   "PRIORITY" : "4",
   "_SYSTEMD_SLICE" : "user-1000.slice",
   "_SELINUX_CONTEXT" : "unconfined\n",
   "_AUDIT_SESSION" : "6",
   "_PID" : "4152",
   "_STREAM_ID" : "[[redacted]]",
   "_AUDIT_LOGINUID" : "1000",
   "_SYSTEMD_UNIT" : "user@1000.service"
}


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 
'testing'), (200, 'unstable'), (150, 'stable'), (100, 'experimental'), (1, 
'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en_GB (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kactivitymanagerd depends on:
ii  kio  5.44.0-2
ii  libc62.27-3
ii  libkf5co