Quoting Ian Campbell (2021-02-24 18:50:39)
> What are the security implications for users/clients of using this or more
> importantly enabling it by default?
>
> Presumably clients have to trust that the server is not going to feed
> them malicious debug info. Are the tools which consume this information
> written to operate on completely untrusted inputs? It seems like many
> of them could have been written historically with the assumption that
> their inputs are mostly to be trusted. I suppose the use of https helps
> mitigate this at least a bit when it comes to a debian.{org,net}
> service.
>
> What about information leakage? Apart from debugids does this leak
> anything else to the server? On a quick look it seems like it might
> potentially leak source code paths (at least the leaf bits) to things
> being debugged -- does this mean that if a user is debugging private
> software (perhaps unpublished or perhaps proprietary software for
> $work) on a Debian system they are at risk of leaking the source
> filenames if they run gdb on one of their binaries while debugging? This
> might be a problem if it comes to enabling this transparently.

This sounds like it should be treated in a similar way as we treat submissions
to popcon.debian.org, where we ask the user explicitly and which does not get
enabled without explicit consent by the user.

Thanks!

cheers, josch