Re: Automatic Kernel Bug Report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/07/06, Daniel Bonekeeper <[email protected]> wrote:
...

Hopefully, in some bugs where nothing is printed (i.e., syslog died,
is not running, or we are in kernel context and never get back to user
mode), having a notifier on the kernel may ensure that the bug report
is sent (since we don't need userspace interaction to get it working).

...

Have you considered the privacy implications of this?

If you implement something like this it most definately needs to be
configurable and default to *OFF* and need explicit user intervention
to turn on.
Also consider that any data transmitted should probably be encrypted
during transmission - not something you want to start doing after you
just Oops'ed.

I for one certainly do *NOT* want my kernel to "phone home" and
disclose information about my computer without my concent - that, in
my book, is called spyware.

Consider this :

If my machine connects to some off-site location and submits an Oops
at least the following information about me will (or may) be disclosed
:

- My IP address.
- My OS.
- Portions of memory on my machine that may contain sensitive info
(encryption keys for instance or personal data).
- Name(s) of applications I have running.
- gcc version of the compiler I used to build the kernel.
- Details of hardware I have in the box (architecture etc).

and probably a lot more that I've forgotten to include.

I consider the above info privileged and personal and something that
requires my explicit concent to release. It's *NOT* something I want
my computer to submit off-site without me knowing about it.

Also consider that I may be using a labtop and be connected to a
network where I may not be allowed to connect off-site except under a
specific set of circumstances. This thing could make me violate such a
policy without knowing about it.

I may also be connected to a network where the firewall logs all my
outgoing connections and I may not want people to know I'm running
Linux. A Linux kernel Oops from my machine showing up in the firewall
logs would certainly disclose that fact.

There are more things to consider than just "would this be useful for
kernel development" - privacy in this case is a major issue.


--
Jesper Juhl <[email protected]>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux