Your message dated Thu, 25 Feb 2010 23:01:20 +0100
with message-id <20100225220120.ga7...@galadriel.inutil.org>
and subject line Re: System information in bug reports may be security-sensitive
has caused the Debian Bug report #555680,
regarding System information in bug reports may be security-sensitive
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
555680: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555680
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: linux-2.6
Version: 2.6.31-1
Severity: normal
Tags: security
The bug script now offers to include network configuration and status.
The network configuration file /etc/network/interfaces may include
encryption keys for wireless networks, which we should scrub. There
is also a more general problem of sensitive information in the kernel
log, but I'm not sure what we can do about that.
Ben.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 2.6.32-1
On Thu, Nov 19, 2009 at 03:04:43PM +0100, Stefan Lippers-Hollmann wrote:
> Hi
>
> r14441 [1], "hide wireless keys and wake-on-LAN password when including
> network configuration in bug reports (bug #555680)".
>
> It is unfortunately not enough to prune "wireless-key" from bugreports, as
> wpasupplicant defines additional means to configure passwords for wireless
> links[2], namely wpa-psk and wpa-password. Additionally I suggest to prune
> commented out lines as well, as these might contain passwords or other
> sensitive information and have no relevance for bugreporting.
>
> The attached, valid, /etc/network/interfaces example illustrates the
> problem with these means of configuration. The following patch applies to
> sid and trunk of linux-2.6 (r14649).
Thanks, this was fixed by Ben in
linux-2.6 (2.6.32~rc8-1~experimental.1) unstable; urgency=low
[..]
* Hide WPA authentication parameters and comments when including network
configuration in bug reports
Cheers,
Moritz
--- End Message ---
