Hi Brad, On Tue, May 24, 2011 at 05:53:22PM -0700, Brad Figg wrote: > On 05/24/2011 04:49 PM, Kees Cook wrote: > >On Tue, May 24, 2011 at 03:59:53PM -0700, Bryce Harrington wrote: > >>On Tue, May 24, 2011 at 11:46:48AM -0700, Kees Cook wrote: > >>>Hello! > >>> > >>>In Oneiric, I'd like to change the default availability of yet another > >>>long-standing system debugging feature: dmesg. > >>> > >>>Thoughts, flames, etc? > >> > >>See https://bugs.launchpad.net/ubuntu/+source/xorg/+bug/716595 for some > >>sudo caching problems apport has had to work around which might pose > >>some complications here as well. > > > >Yeah, that bug is pretty ugly. :) > > > >>Can you outline your plans for updating apport in conjunction with this > >>change? > > > >Well, it needs to be larger than just apport. A lot of things call dmesg, > >and I can't fix them all, but getting people educated about what has > >changed is the first step. > > > >As for apport itself, I do not have an immediate solution. hookutils.py's > >attachmesg() will need privs, and that's used all over the place > >(attach_alsa(), attach_hardware()): > > > >$ find -P /usr/share/apport -type f | xargs egrep -H > >'attach_(hardware|alsa|dmesg)' | cut -d: -f1 | sort -u | wc -l > >33 > > > >I'm open to suggestions. > > > >-Kees > > > > Just FYI, the kernel hooks already ask for permissions to get the > ACPI tables.
Yeah, the problem is that it's not a one-time question (see the bug above), so that each time we need privileges to gather data, apport will prompt for the sudo password _again_. :( Martin, do you have any thoughts on ways to deal with this? You did a lot of digging in that bug, and nothing really presented itself as a clean solution... -Kees -- Kees Cook Ubuntu Security Team -- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
