Re: Automatic Kernel Bug Report
From: Jesper Juhl
Date: Sun Jul 09 2006 - 16:23:54 EST
On 09/07/06, Daniel Bonekeeper <thehazard@xxxxxxxxx> wrote:
...
Hopefully, in some bugs where nothing is printed (i.e., syslog died,
is not running, or we are in kernel context and never get back to user
mode), having a notifier on the kernel may ensure that the bug report
is sent (since we don't need userspace interaction to get it working).
...
Have you considered the privacy implications of this?
If you implement something like this it most definately needs to be
configurable and default to *OFF* and need explicit user intervention
to turn on.
Also consider that any data transmitted should probably be encrypted
during transmission - not something you want to start doing after you
just Oops'ed.
I for one certainly do *NOT* want my kernel to "phone home" and
disclose information about my computer without my concent - that, in
my book, is called spyware.
Consider this :
If my machine connects to some off-site location and submits an Oops
at least the following information about me will (or may) be disclosed
:
- My IP address.
- My OS.
- Portions of memory on my machine that may contain sensitive info
(encryption keys for instance or personal data).
- Name(s) of applications I have running.
- gcc version of the compiler I used to build the kernel.
- Details of hardware I have in the box (architecture etc).
and probably a lot more that I've forgotten to include.
I consider the above info privileged and personal and something that
requires my explicit concent to release. It's *NOT* something I want
my computer to submit off-site without me knowing about it.
Also consider that I may be using a labtop and be connected to a
network where I may not be allowed to connect off-site except under a
specific set of circumstances. This thing could make me violate such a
policy without knowing about it.
I may also be connected to a network where the firewall logs all my
outgoing connections and I may not want people to know I'm running
Linux. A Linux kernel Oops from my machine showing up in the firewall
logs would certainly disclose that fact.
There are more things to consider than just "would this be useful for
kernel development" - privacy in this case is a major issue.
--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/