Bug 1009730
Summary: | 'Sensitive' information logic too dumb to be much use | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> |
Component: | libreport | Assignee: | Jakub Filak <jfilak> |
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | dvlasenk, jberan, jfilak, jmoskovc, kparal, kvolny, mcatanzaro+wrong-account-do-not-cc, mlichvar, mmilata, mtoman, pedrogfrancisco |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | libreport-2.1.10-1.fc21 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-01-08 06:52:05 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Adam Williamson
2013-09-19 02:29:32 UTC
this may be gnome-abrt not libreport; please re-assign if so. I don't know where the 'sensitive data' stuff is handled. So I've implemented the whitelist, so far I have this words: login.so #rhbz#896246 libsecret.so Do you have any other candidates for this list? As mentioned above, the 'environ' tab of the 'sensitive data' dialog always/almost always highlights the line: USERNAME=adamw amusingly, the line: USER=adamw right before it is *not* highlighted. Outright *suppressing* that may be better than whitelisting it, though, I suppose. Filtering the saved information will require more code changes, so for now I'm going to put it to the whitelist (and hope, that noone considers their username as sensitive information). well if you're going to take that approach you may as well just take 'username' out of the list of strings that trigger the 'sensitive info' path, rather than listing it in both the blacklist *and* the whitelist :) Also: SHELL=/sbin/nologin/ commit 6fcea5a51c4a25d8d756dde6f15bee8aee11585e Author: Jiri Moskovcak <jmoskovc> Date: Fri Sep 20 14:44:35 2013 +0200 added whitelist for sensitive data - rhbz#1009730 rhbz#896246 Signed-off-by: Jiri Moskovcak <jmoskovc> More lines to filter out: ... /lib64/libsystemd-login.so.0 ... /lib64/libaccountsservice.so.0 ... /usr/lib64/girepository-1.0/AccountsService-1.0.typelib *** Bug 896246 has been marked as a duplicate of this bug. *** The other major usability issue is that although possibly sensitive text is highlighted, you usually have to horizontal scroll in order to see it, which is not practical in combination with the required vertical scrolling: you'd have to spend ages doing some sort of checkerboard pattern to inspect all the data and ensure you haven't missed anything highlighted. Ideally there would be a quick way to jump between highlighted terms, but simply removing horizontal scrolling would help a ton. "Ideally there would be a quick way to jump between highlighted terms" There actually is one - I forget the details, but there is a button somewhere in the window which simply jumps from highlighted term to highlighted term. I missed it for a while too, but once I found it it looked pretty obvious. (In reply to Adam Williamson from comment #11) > "Ideally there would be a quick way to jump between highlighted terms" > > There actually is one - I forget the details, but there is a button > somewhere in the window The hidden jump buttons are located on the right bottom corner of the window right after the search text entry. http://jfilak.fedorapeople.org/media/report-gtk-highlight-sensitive-buttons.png Oh that's good. It really ought to be much clearer, though. 'accountsservice' in various forms (it's a GNOME lib) is still a problem in current F20. and yeah, it'd be nice to make the 'jump to next sensitive item' arrows a LOT more obvious somehow. I've created a pull request [1] which adds 'accountsservice' to the sensitive white list. 1: https://github.com/abrt/libreport/pull/221 Upstream commit ffcca2e498bfbf761c8398a82c15e2b4dd1a6043 fixes this bug. |