Re: bug database braindump from the kernel summit

David Lang (dlang@diginsite.com)
Sun, 1 Apr 2001 22:07:25 -0700 (PDT)


Miles, if the system is just sending the config info it may not be a
problem, but take the microsoft example, how do you know the bug report is
just sending info that is relevent to the system and not trying to
discover everything that you have installed in your system (in our case we
can't be looking for pirated software, but assuming that the bug report is
being sent as root how do you know that it's not sending out your password
file if it just send 'stuff' out)

David Lang

On Sun, 1 Apr 2001, Miles Lane wrote:

> David Lang wrote:
> >
> > On Sun, 1 Apr 2001, Larry McVoy wrote:
> >
> > when generating the auto bug reports make sure that the system tells the
> > user exactly what data is being sent.
> >
> > sending a large chunk of unknown data off the machine is a big concern to
> > many people.
>
> Yeah. This is a good point, although I can't think of info
> about a system's hardware and software configuration that would
> be particularly sensitive, other than files that contain network
> topology or encrypted passwords. I'm sure others can come up
> with such a list. One candidate might be the smbfs configuration
> file, since network passwords can live there, right? tcpdump output
> might also be sensitive, but that type of info would need to get
> requested by network driver developers after the initial bug report
> anyhow.
>
> Miles
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/