Apport

Apport reports wireless encryption key when attach_wifi is used in an apport hook

Bug #446299 reported by Hugh Saunders on 2009-10-08

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	Apport	Fix Released	High	Marco Rodrigues
	apport (Ubuntu)	Fix Released	High	Martin Pitt

Bug Description

What happened:
I upgraded to karmic beta and started poking around in network manager. Network manager crashed and apport offered to send a bug report. The bug report included iwconfig output which includes essid, bssid and an encryption key.

What I expected to happen:
I would expect apport to mask the encryption key in the information submitted.

Further Notes:
I noticed that the iwconfig output doesn't seem to be available in other network manager bug reports (good), but still shouldn't be submitted.

Trivial Patch:
hugh@anni:~/apb$ diff /usr/lib/python2.6/dist-packages/apport/hookutils.py.orig /usr/lib/python2.6/dist-packages/apport/hookutils.py
412c412
< report['IwConfig'] = command_output(['iwconfig'])
---
> report['IwConfig'] = re.sub("Encryption key:[^[]*\[","Encryption Key:xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx [",command_output(['iwconfig']))

Related branches

lp:~gothicx/apport/hide_wifi_enc_key

Merged into lp:~apport-hackers/apport/trunk

Apport upstream developers: Pending requested 2009-10-25

lp:~apport-hackers/apport/trunk

lp:ubuntu/lucid/apport

Revision history for this message

Hugh Saunders (hughsaunders) wrote on 2009-10-08:

Edited Crash Report Edit (16.0 KiB, text/plain)

I have attached the crash report showing the problem. I have snipped quite a lot from the report to make it small enough to upload to launchpad. I have also manually masked the encryption key.

Hugh Saunders (hughsaunders) on 2009-10-08

summary:

- Apport reports wireless encryption key when network manager crashses
+ Apport reports wireless encryption key when attach_wifi is used in an
+ apport hook

Revision history for this message

Marco Rodrigues (gothicx) wrote on 2009-10-09:

I think it should be better to remove the key after "Encryption key:", not needed to replace the key with 'x'.

Revision history for this message

Erik Wahlstrom (edub) wrote on 2009-10-17:

I experienced a kernel oops and was just looking through the Apport report before submitting it. I noticed the same problem regarding the encryption key for my wireless network. As a result of this, unfortunately, I will not be submitting the report.

Marco Rodrigues (gothicx) on 2009-10-25

Changed in apport:
assignee:	nobody → Marco Rodrigues (gothicx)
status:	New → Confirmed

Revision history for this message

Martin Pitt (pitti) wrote on 2009-10-26:

trunk r1631, thanks Marco!

Changed in apport:
importance:	Undecided → High
Changed in apport (Ubuntu):
importance:	Undecided → High
Changed in apport:
status:	Confirmed → Fix Committed
Changed in apport (Ubuntu):
assignee:	nobody → Martin Pitt (pitti)
status:	New → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2009-11-06:

This bug was fixed in the package apport - 1.9.4-0ubuntu1

---------------
apport (1.9.4-0ubuntu1) lucid; urgency=low

  [ Marco Rodrigues ]
  * etc/default/apport: Replace the old init.d force_start command by
    the Upstart one.
  * debian/apport.upstart: If $force_start=1 is given then run the job.
  * debian/local/apport-collect: Don't collect information if bug is a
    duplicate. (LP: #471429)

  [ Martin Pitt ]
  * New upstream bug fix release:
    - Fix crash when ExecutablePath isn't part of a package. (LP: #424965)
    - hookutils.py, attach_hardware(): Anonymize disk labels. Thanks to Marco
      Rodrigues. (LP: #394411)
    - hookutils.py, attach_wifi(): Anonymize encryption key (which appeared in
      hex when being called as root). Thanks to Marco Rodrigues. (LP: #446299)
    - launchpad.py: If unset, set bug task source package also for interpreter
      crashes.
    - apport-gtk: Give details window a minimize/maximize button, which were
      missing in some window managers. Thanks to Marien Zwart. (LP: #447749)
    - apport-kde: Properly terminate program after closing the last dialog.
      (LP: #458662)
    - hookutils.py, attach_alsa(): Attach /proc/asound/version. (LP: #467233)
    - general-hooks/generic.py: Only collect ~/.xsession-errors bits when we
      have an ExecutablePath linked to libgtk.
  * debian/control: Update Vcs-Bzr: for lucid branch.
  * data/package-hooks/source_linux.py: Add interactive questionaire, thanks
    Leann Ogasawara! (LP: #444672)
-- Martin Pitt <email address hidden> Fri, 06 Nov 2009 14:06:52 +0100