Hide Forgot
Description of problem: abrt uploads core dump without requesting permission first: Ok to upload core dump? (It may contain sensitive data). If your answer is 'No', a stack trace will be generated locally. (It may download a huge amount of data). 'YES' Querying server settings Preparing an archive to upload Version-Release number of selected component (if applicable): abrt-2.1.10-1.fc19.i686 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Core dump is uploaded with potentially sensitive data. Expected results: abrt should request from user permission to upload core dump. Additional info:
Thank you for the report. Can you please run 'system-config-abrt' and check state of "Ask before uploading coredump" option?
Many thanks for your reply, Jakub. The option was enabled, but it seems that it works fine right now. Since it’s working, I have another question: wouldn’t it be possible that the ask before uploading coredump could have a negative reply that wouldn’t be asked again? User should be able to choose once and forever not to upload coredumps and generate the strack trace locally. Many thanks for your help again, Pablo
You are right that users should be able to choose the other option, but we expect that those who want this are minority, so we do not offer such option in GUI. If you want to disable the uploading of cordedumps at all, you have to edit /etc/libreport/events.d/ccpp_event.conf, find 'EVENT=analyze_CCpp analyzer=CCpp' and replace 'abrt-action-perform-ccpp-analysis' by 'abrt-action-analyze-ccpp-local'.
Created attachment 857644 [details] sosreport from affected system
Well, this certainly bothers me. I don’t want core dumps uploaded without my permission, and past experience with ABRT would have lead me to believe me to expect that I would be asked, at least the first time. I think automatic uploads should be opt-in. It’s not that hard to click “OK.”
(In reply to redhatbugzilla from comment #5) Please read comment #2 and the first two sentences of comment #3.
(In reply to Jakub Filak from comment #3) > You are right that users should be able to choose the other option, but we > expect that those who want this are minority, so we do not offer such option > in GUI. Why is it harder for users to command abrt to analyze coredumps locally? I don’t think it makes sense, since abrt itself warns that the coredump might contain sensitive data.
(In reply to Pablo Rodríguez from comment #7) > Why is it harder for users to command abrt to analyze coredumps locally? It is harder to command ABRT to anlyze *every* coredump locally because there are only a minority of users who do not want to upload any coredump file. > > I don’t think it makes sense, since abrt itself warns that the coredump > might contain sensitive data. The coredump might contain sensitive data but no one except the retrace server administrator has access to the uploaded coredump files and the files stay on the server only for a couple of minutes.
(In reply to Jakub Filak from comment #8) > (In reply to Pablo Rodríguez from comment #7) > > Why is it harder for users to command abrt to analyze coredumps locally? > > It is harder to command ABRT to anlyze *every* coredump locally because > there are only a minority of users who do not want to upload any coredump > file. If this is the case, I can assure you that we are not communicating probably what is happening behind the scenes.
This message is a notice that Fedora 19 is now at end of life. Fedora has stopped maintaining and issuing updates for Fedora 19. It is Fedora's policy to close all bug reports from releases that are no longer maintained. Approximately 4 (four) weeks from now this bug will be closed as EOL if it remains open with a Fedora 'version' of '19'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 19 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Still happening on Fedora 21.
(In reply to Stuart D Gathman from comment #11) > Still happening on Fedora 21. Stuart, comment #2 clearly states that the reporter had the auto coredump uploading enabled. Could you please double check that this is not your case, too?
I didn't on f19, but I just checked, and yep, "ask before uploading" is disabled. So I guess the bug is wiping out that config (and questionable default). Sorry for the noise.
Fedora 19 changed to end-of-life (EOL) status on 2015-01-06. Fedora 19 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.