Re: Which Debian packages leak information to the network?

2016-05-20 Thread Jakub Wilk

* ale , 2016-05-20, 10:26:
> I think you could also use AppArmor profiles to filter network access
> per application in the way you describe.

I don't believe Debian kernels support this: #712451

--
Jakub Wilk



Re: Which Debian packages leak information to the network?

2016-05-20 Thread donoban

> On 20/05/16 09:55, Elmar Stellnberger wrote:
>> Well, in order to block network access for individual apps you would
>> need something like SELinux. However I do not know about the
>> availability of security profiles for all such apps, neither do I know
>> about a convenient tool to browse such profiles f.i. in order to see
>> whether a given app is allowed to access the network.
>>
On 20/05/16 11:26, ale wrote:
> I think you could also use AppArmor profiles to filter network
> access per application in the way you describe.
>

The problem with AppArmor (I am not sure about SELinux) is that all the
information about what packages/programs are allowed to use the Internet
will be distributed over different AppArmor profiles which are pretty
difficult to maintain and manage.

The ideal scenario should be some file in /etc/ with a list of all
packages with access granted, so a user could easily add or remove
permissions.

A package which needs network access by default will be added automatically
on install. Some packages could be optional (like gnome-calculator);
on install (or on first run) the user will be asked if they want to
grant access to it.

I do not know any distribution doing something like this, so probably
it has some problems or drawbacks.



Re: Which Debian packages leak information to the network?

2016-05-20 Thread ale
I think you could also use AppArmor profiles to filter network access
per application in the way you describe.

On 20/05/16 09:55, Elmar Stellnberger wrote:
> 
> 
> On 2016-05-20 at 10:34, donoban wrote:
>>
>> I am running Debian on Qubes OS, I use gnome-calculator on a vault
>> domain (a VM without any network device) because I though it does not
>> need Internet or data/files from another domain. So without any
>> knowledge I was protecting myself from this privacy leak... 
>>
>> Maybe Debian should adopt a strong policy about what packages should
>> have Internet access and what does not... All packages not supposed to
>> have Internet access will be blocked by firewall or a similar approach
>> (probably some kind of whitelist).
>>
> 
> Well, in order to block network access for individual apps you would
> need something like SELinux. However I do not know about the
> availability of security profiles for all such apps, neither do I know
> about a convenient tool to browse such profiles f.i. in order to see
> whether a given app is allowed to access the network.
> 

-- 
ale [wwb.cc | 414c45.net | @414c45]





Re: Which Debian packages leak information to the network?

2016-05-20 Thread Elmar Stellnberger



On 2016-05-20 at 10:34, donoban wrote:
> I am running Debian on Qubes OS, I use gnome-calculator on a vault
> domain (a VM without any network device) because I thought it does not
> need Internet or data/files from another domain. So without any
> knowledge I was protecting myself from this privacy leak...
>
> Maybe Debian should adopt a strong policy about what packages should
> have Internet access and what does not... All packages not supposed to
> have Internet access will be blocked by firewall or a similar approach
> (probably some kind of whitelist).

Well, in order to block network access for individual apps you would
need something like SELinux. However I do not know about the
availability of security profiles for all such apps, neither do I know
about a convenient tool to browse such profiles f.i. in order to see
whether a given app is allowed to access the network.




Re: Which Debian packages leak information to the network?

2016-05-20 Thread donoban

On 18/05/16 18:54, Holger Levsen wrote:
> On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote:
>> Could you explain how any of these tools leak any information
>> "without a user's consent/expectation"?
> 
> gnome-calculator contacts a web page/service with currency
> exchange information *on every start*, I think that's a good
> example of the kind of programs Patrick is looking for.
> 
> 

I am running Debian on Qubes OS, I use gnome-calculator on a vault
domain (a VM without any network device) because I thought it does not
need Internet or data/files from another domain. So without any
knowledge I was protecting myself from this privacy leak...

Maybe Debian should adopt a strong policy about what packages should
have Internet access and what does not... All packages not supposed to
have Internet access will be blocked by firewall or a similar approach
(probably some kind of whitelist).

Then, the privacy leak surface will be very small and easy to audit.



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Geert Stappers
On Fri, May 20, 2016 at 03:47:35AM +0200, Weber wrote:
> On 19.05.2016 at 18:42, Paul Wise wrote:
> > On Wed, May 18, 2016 at 11:50 PM, Patrick Schleizer wrote:
> > 
> >> Hello we are a privacy-centric distro based on Debian and wanted to know
> >> what Debian packages leak information about the system to the network
> >> without a user's consent/expectation.
> > 
> > Debian probably needs a privacy team to audit all packages that send
> > data to the network and develop mitigation, configuration or patches
> > to counter these.
> > 
> 
> this is a very good plan.
> 
> 
> my idea:
> 
> - make a new "info table" for all packages: "privacy data used by app"
> 
> - what exact metadata
> 
> - who gets the data; if a third party, who?
> 
> - how long is the data saved and in which country
> 
> 
> 
> --> write to all developers an email and ask them to fill out the
> tables for their packages. Now and in future.
> 
> 
> If they will not do it, make a button "unsafe" or else...
> 
> This job should be done by the programmer, and a team
> should check whether their inputs are correct.
> 
> 
> Ps.
> 
> This idea was sent to Google and Mozilla, too,
> but they don't want to write this info for PLAY or Firefox apps,
> because then users could see what data is sniffed and perhaps
> millions would stop using it...
> 
> You know, privacy is not really wanted by some companies...
> 
> 

Who knows the English translation
of the French words 'libre' and 'gratuit'?



P.S.

Thanks for replying below the text.
It is good to read in the discussion order.


Greetings
Geert Stappers
-- 
Live and let live



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Paul Wise
On Fri, May 20, 2016 at 12:42 AM, Paul Wise wrote:

> Debian probably needs a privacy team to audit all packages that send
> data to the network and develop mitigation, configuration or patches
> to counter these.

Looks like there are a few related teams but they are mostly about tools:

https://wiki.debian.org/DebianPrivacy
https://wiki.debian.org/DebianSanctuary
https://wiki.debian.org/Teams/AnonymityTools

If someone wants to organise a BoF at DebConf16 I will be willing to
attend and brainstorm this.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Weber
hi

this is a very good plan.


my idea:

- make a new "info table" for all packages:

"privacy data used by app"

- what exact metadata

- who gets the data; if a third party, who?

- how long is the data saved and in which country



--> write to all developers an email and ask them to fill out the
tables for their packages. Now and in future.


If they will not do it, make a button "unsafe" or else...

This job should be done by the programmer, and a team
should check whether their inputs are correct.


Ps.

This idea was sent to Google and Mozilla, too,
but they don't want to write this info for PLAY or Firefox apps,
because then users could see what data is sniffed and perhaps
millions would stop using it...

You know, privacy is not really wanted by some companies...

cheers


On 19.05.2016 at 18:42, Paul Wise wrote:
> On Wed, May 18, 2016 at 11:50 PM, Patrick Schleizer wrote:
> 
>> Hello we are a privacy-centric distro based on Debian and wanted to know
>> what Debian packages leak information about the system to the network
>> without a user's consent/expectation.
> 
> Debian probably needs a privacy team to audit all packages that send
> data to the network and develop mitigation, configuration or patches
> to counter these.
> 



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Paul Wise
On Wed, May 18, 2016 at 11:50 PM, Patrick Schleizer wrote:

> Hello we are a privacy-centric distro based on Debian and wanted to know
> what Debian packages leak information about the system to the network
> without a user's consent/expectation.

Debian probably needs a privacy team to audit all packages that send
data to the network and develop mitigation, configuration or patches
to counter these.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Adam D. Barratt

On 2016-05-19 17:03, Patrick Schleizer wrote:
> Holger Levsen:
>> On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote:
>>> Could you explain how any of these tools leak any information "without a
>>> user's consent/expectation"?
>>
>> gnome-calculator contacts a web page/service with currency exchange
>> information *on every start*, I think that's a good example of the kind
>> of programs Patrick is looking for.
>
> Yes! :)


fwiw I'd still be interested in an answer to Jakub's original question.

Regards,

Adam



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Patrick Schleizer
Holger Levsen:
> On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote:
>> Could you explain how any of these tools leak any information "without a
>> user's consent/expectation"?
> 
> gnome-calculator contacts a web page/service with currency exchange
> information *on every start*, I think that's a good example of the kind
> of programs Patrick is looking for.
> 
> 

Yes! :)



Re: Which Debian packages leak information to the network?

2016-05-19 Thread Cindy-Sue Causey
On 5/18/16, Holger Levsen wrote:
> On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote:
>> Could you explain how any of these tools leak any information "without a
>> user's consent/expectation"?
>
> gnome-calculator contacts a web page/service with currency exchange
> information *on every start*, I think that's a good example of the kind
> of programs Patrick is looking for.


Ah, good one for developing a train of thought... Instantly made me
think of my weather app which reaches out to the Netherlands very
regularly to garner its information. It would seemingly be disclosing
a user chosen location to gather what it needs, but perhaps not. I
(shamefully) don't know, *grin*.

And there used to be a package install/uninstall documenting
"popularity" program somewhere along the lines that I THINK was
reporting back very quietly in the background. I can't remember what
distro had that but it caused an understandable stink (an extended
disgruntled discussion). Mentioning this one in case it likewise stirs
up thoughts of anything operating similarly these days...

Just thinking out loud... :)

Cindy :)

-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *



Re: Which Debian packages leak information to the network?

2016-05-18 Thread Paul Wise
On Thu, May 19, 2016 at 7:56 AM, georg wrote:
> On 16-05-18 16:54:27, Holger Levsen wrote:
>> gnome-calculator contacts a web page/service with currency exchange
>> information *on every start*,
>
> Is this "publicly" known? Is this discussed with the upstream devs?

https://bugzilla.gnome.org/show_bug.cgi?id=741828

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: Which Debian packages leak information to the network?

2016-05-18 Thread ge...@riseup.net
On 16-05-18 16:54:27, Holger Levsen wrote:
> gnome-calculator contacts a web page/service with currency exchange
> information *on every start*,

Is this "publicly" known? Is this discussed with the upstream devs?




Re: Which Debian packages leak information to the network?

2016-05-18 Thread Holger Levsen
On Wed, May 18, 2016 at 06:33:52PM +0200, Jakub Wilk wrote:
> Could you explain how any of these tools leak any information "without a
> user's consent/expectation"?

gnome-calculator contacts a web page/service with currency exchange
information *on every start*, I think that's a good example of the kind
of programs Patrick is looking for.


-- 
cheers,
Holger




Re: Which Debian packages leak information to the network?

2016-05-18 Thread Jakub Wilk

* Patrick Schleizer , 2016-05-18, 15:50:
> we are a privacy-centric distro based on Debian and wanted to know what
> Debian packages leak information about the system to the network
> without a user's consent/expectation.
>
> As documented on the page below, a system's security also depends on
> avoiding leaking any identifiable information to network adversaries by
> accident.

python-requests used to include the kernel version number in its User-Agent.
(And also the Python version, but that's less exciting.) This was fixed
upstream in 2.8.0:

https://github.com/kennethreitz/requests/issues/2785

pip leaks even more stuff in its U-A:

$ python -c 'import pip; print pip.download.user_agent()'
pip/8.1.2 {"cpu":"x86_64","distro":{"libc":{"lib":"glibc","version":"2.7"},"name":"debian","version":"stretch/sid"},"implementation":{"name":"CPython","version":"2.7.11+"},"installer":{"name":"pip","version":"8.1.2"},"openssl_version":"OpenSSL 1.0.2h  3 May 2016","python":"2.7.11+","system":{"name":"Linux","release":"4.5.0-2-amd64"}}

(As a side note, I don't think this is RFC-2616-compliant...)

> Popcon, bts, wnpp-check are the noted examples

Could you explain how any of these tools leak any information "without a
user's consent/expectation"?


--
Jakub Wilk
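As an added example for the User-Agent point in the message above (not code from pip, requests or Debian), the following audit parses the two formats quoted there, pip's JSON blob and the pre-2.8.0 python-requests string, and reports which fields identify the host. The pip sample is the string from the message; the requests sample is constructed in the old format, and the list of host-identifying JSON paths is an assumption.

```python
import json
import re

# Added example; assumed list of pip JSON paths that describe the host, not pip itself.
PIP_SENSITIVE_PATHS = {
    "system.release": "kernel release",
    "distro.name": "distribution",
    "distro.libc.version": "libc version",
    "cpu": "CPU architecture",
    "openssl_version": "OpenSSL build",
    "python": "exact Python build",
}

def _lookup(payload, path):
    """Walk a dotted path through nested dicts; None if any step is missing."""
    for key in path.split("."):
        if not isinstance(payload, dict) or key not in payload:
            return None
        payload = payload[key]
    return payload

def audit_user_agent(ua):
    """Return {description: value} for every host-identifying field found in ua."""
    leaks = {}
    start = ua.find("{")
    if start != -1:  # pip style: "pip/8.1.2 {...json...}"
        try:
            payload = json.loads(ua[start:])
        except ValueError:  # truncated or non-JSON tail: nothing to report
            return leaks
        for path, what in PIP_SENSITIVE_PATHS.items():
            value = _lookup(payload, path)
            if value is not None:
                leaks[what] = str(value)
        return leaks
    # python-requests before 2.8.0: "python-requests/VER IMPL/VER SYSTEM/RELEASE"
    m = re.match(r"python-requests/\S+ (\S+)/(\S+) (\S+)/(\S+)", ua)
    if m:
        leaks["Python implementation"] = "%s/%s" % (m.group(1), m.group(2))
        leaks["OS name"] = m.group(3)
        leaks["kernel release"] = m.group(4)
    return leaks

# PIP_UA is the string quoted in the message; OLD_REQUESTS_UA is constructed in the old format.
PIP_UA = ('pip/8.1.2 {"cpu":"x86_64","distro":{"libc":{"lib":"glibc","version":"2.7"},'
          '"name":"debian","version":"stretch/sid"},"implementation":{"name":"CPython",'
          '"version":"2.7.11+"},"installer":{"name":"pip","version":"8.1.2"},'
          '"openssl_version":"OpenSSL 1.0.2h  3 May 2016","python":"2.7.11+",'
          '"system":{"name":"Linux","release":"4.5.0-2-amd64"}}')
OLD_REQUESTS_UA = "python-requests/2.7.0 CPython/2.7.11 Linux/4.5.0-2-amd64"
```

Running `audit_user_agent` over outbound request logs shows at a glance which clients still announce the kernel release or libc version; a current python-requests User-Agent yields an empty report.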



Which Debian packages leak information to the network?

2016-05-18 Thread Patrick Schleizer
Hello we are a privacy-centric distro based on Debian and wanted to know
what Debian packages leak information about the system to the network
without a user's consent/expectation.

As documented on the page below, a system's security also depends on
avoiding leaking any identifiable information to network adversaries by
accident. Popcon, bts, wnpp-check are the noted examples so far (which
we blacklist in our distro). Please help notify us of any other such
packages.

https://wiki.debian.org/TorifyDebianServices