Bug report requests password?

Asked by Berit Dangaard Brouer

Hi,

I have just installed some new hardware support via my package update manager. Afterwards I get an error message for a system program. I click "send error report" and am then prompted for my password.

I have been unable to find packages that are compromised via debsums and also I cannot see any new programs but knotify and a backup program called dejadup appearing in the program log (via command ps aux). The dejadup package seems authentic, so I am wondering whether this is actually designed by Ubuntu in this way and which programs display such behavior.

If this is fully intentional I think this is a major problem as you should never be prompted for your password to send an error report. You have to find a workaround for this as this is a security loophole and you should not let the users get used to and trust that this is common behavior to enter a password for a crash report.

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee

Manfred Hampl (m-hampl) said :
#1

When a problem with a program is detected on Ubuntu, there are details collected and a report is sent (if you agree).
The data collection in some cases has to access system data that can only be accessed with administrative rights. This is the reason that the user is asked for the password as confirmation (similar to using sudo for starting an administrative command).

I do not understand where you see a problem with that. If you do not want to send such a report, just do not provide the password but close that window. In my opinion letting apport access all information WITHOUT asking a password for confirmation would be a big security hole.

see also
https://wiki.ubuntu.com/Apport
https://wiki.ubuntu.com/ErrorTracker

Berit Dangaard Brouer (berit) said :
#2

I can see the usefulness of sending bug reports and being a developer myself I always agree to send a report. However, I am normally not prompted for a password. I can see that some system programs will need root access to report the information needed for debugging, but I still see a problem with the approach of apport in this case. First of all I am only informed that a system program has an error and would like to send an error report. It would help my trust tremendously if I was informed which system program we are talking about, such that I can in some way verify that this is actually a package that I have. (I have attached pictures of the report window on screen). Before I would then agree to send a crash report I would probably want to verify in some way that the program or its package had not been compromised. I still think it is a bad idea to educate the users to give their passwords in order to send an error report for any program, and it must be possible to create and collect user reports without prompting them for passwords. You could agree or disagree up front upon installation of Ubuntu to send error reports for system programs or which system programs you agree to report. To sum it up, my concern is not the ability to send bug reports, but the UI. Personally, I will not agree to send a crash report for a program that requests my password and does not tell me anything about the program that crashed or its authenticity (and then you are not getting the information for debugging from me). As it is designed now I would always suspect malware and opt out as I cannot verify the authenticity of the program requesting my password.


Manfred Hampl (m-hampl) said :
#3

I think your ideas and opinion should be discussed with the developers of the https://launchpad.net/ubuntu-error-tracker project.
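
Added example, not part of the thread and not apport's own code: one way to do the check asked for in #2, by reading which program and package a crash report names and then verifying that package with dpkg and debsums. It assumes apport's plain-text report layout ("Key: value" lines with indented continuation lines, stored under /var/crash); the sample report and the name example-daemon are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample in the layout of an apport report (/var/crash/*.crash):
# "Key: value" lines; a line starting with a space continues the previous key.
SAMPLE_REPORT = """\
ProblemType: Crash
Architecture: amd64
Date: Wed Aug 13 12:01:44 2014
ExecutablePath: /usr/sbin/example-daemon
Package: example-daemon 1.0-0ubuntu1
ProcCmdline: /usr/sbin/example-daemon --foreground
ProcMaps:
 00400000-00401000 r-xp 00000000 08:01 131 /usr/sbin/example-daemon
 7ffd1000-7ffd2000 rw-p 00000000 00:00 0 [stack]
"""

def parse_report(text):
    """Return {key: value}; continuation lines are joined with newlines."""
    fields, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key is not None:
            fields[key] = (fields[key] + "\n" + line[1:]).lstrip("\n")
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key] = value.strip()
    return fields

def crashed_program(text):
    """Return (executable path, package name) named in the report."""
    fields = parse_report(text)
    pkg = fields.get("Package", "").split()
    return fields.get("ExecutablePath"), (pkg[0] if pkg else None)

def verify_commands(exe, pkg):
    """dpkg -S: which package owns the file; debsums -s: print only mismatches."""
    return [["dpkg", "-S", exe], ["debsums", "-s", pkg]]

def run_checks(text):
    """Run the checks where the tools exist; map each command to its outcome."""
    results = {}
    for cmd in verify_commands(*crashed_program(text)):
        if shutil.which(cmd[0]) is None:
            results[" ".join(cmd)] = "tool not installed"
            continue
        p = subprocess.run(cmd, capture_output=True, text=True)
        out = (p.stdout + p.stderr).strip()
        results[" ".join(cmd)] = "ok" if p.returncode == 0 else out
    return results

if __name__ == "__main__":
    print(crashed_program(SAMPLE_REPORT))
```

debsums compares installed files against the md5sums lists stored on the same machine, so it catches corruption and casual tampering but not a change made by someone who could also rewrite those lists.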
