** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/2046633
Title:
Don't include 'nmcli -f all con' output in bug report (for privacy)
Status in network-manager package in Ubuntu:
New
Bug description:
The apport bug reporting hooks for this package
(/usr/share/apport/package/hooks/source_network-manager{,-applet}.py)
include the output of `nmcli -f all con`. This lists all wifi SSIDs
that the user has ever connected to, and the date of last connection.
I think this is a privacy problem, as it tends to reveal the user's
recent whereabouts, and it's posted publicly on launchpad. (Imagine
for instance an entry for "LoveMotelGuestWifi" at a time when the user
had said they were at the office...)
It is disclosed to the user before the report is sent, but only if
they think to expand that item in the "Send / Don't send" dialog
(which is not descriptively labeled), and there is no way to opt out
of it. You can delete it manually from launchpad afterward, which is
what I am going to do with this bug report, but I doubt most people
would know to do that.
This info should probably not be included at all, or if it is, it
should be sanitized. Also, it might be a good idea to purge launchpad
of all such files.
(Marking this as "security" in case you consider this kind of a
privacy leak to be something the security team should handle. If not,
feel free to demote it to an ordinary bug.)
ProblemType: Bug
DistroRelease: Ubuntu 23.10
Package: network-manager 1.44.2-1ubuntu1.2
ProcVersionSignature: Ubuntu 6.5.0-14.14-generic 6.5.3
Uname: Linux 6.5.0-14-generic x86_64
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Sat Dec 16 14:38:45 2023
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
InstallationDate: Installed on 2019-06-03 (1657 days ago)
InstallationMedia: Ubuntu 19.04 "Disco Dingo" - Release amd64 (20190416)
IpRoute:
default via 192.168.1.13 dev enxa0cec8c4f782 proto dhcp src 192.168.1.60
metric 100
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev enxa0cec8c4f782 proto kernel scope link src 192.168.1.60
metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
linkdown
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
XDG_RUNTIME_DIR=<set>
SourcePackage: network-manager
UpgradeStatus: Upgraded to mantic on 2023-12-14 (3 days ago)
modified.conffile..etc.default.apport:
# set this to 0 to disable apport, or to 1 to enable it
# you can temporarily override this with
# sudo service apport start force_start=1
enabled=0
mtime.conffile..etc.default.apport: 2020-08-04T11:07:36.415303
nmcli-nm:
RUNNING VERSION STATE STARTUP CONNECTIVITY NETWORKING WIFI-HW
WIFI WWAN-HW WWAN
running 1.44.2 connected started full enabled enabled
enabled missing enabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/2046633/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
