Bug#897388: marked as done (Logs accessed files, etc. to syslog)

To: Pino Toscano <pino@debian.org>
Subject: Bug#897388: marked as done (Logs accessed files, etc. to syslog)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Sat, 15 Feb 2020 16:39:05 +0000
Message-id: <[🔎] handler.897388.D897388.158178463912848.ackdone@bugs.debian.org>
Reply-to: 897388@bugs.debian.org
References: <5600812.RFdQ5ZbSH1@thyrus> <152521209364.21758.8433702356683018312.reportbug@Zia.metrics.net>

Your message dated Sat, 15 Feb 2020 17:37:13 +0100
with message-id <5600812.RFdQ5ZbSH1@thyrus>
and subject line Re: Bug#897388: Logs accessed files, etc. to syslog
has caused the Debian Bug report #897388,
regarding Logs accessed files, etc. to syslog
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
897388: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897388
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Logs accessed files, etc. to syslog
From: Anthony DeRobertis <anthony@derobert.net>
Date: Tue, 01 May 2018 18:01:33 -0400
Message-id: <152521209364.21758.8433702356683018312.reportbug@Zia.metrics.net>

Package: kactivitymanagerd
Version: 5.12.1-1
Severity: important

Similar (but nowhere near as bad as) bug #805399, ActivityManager is
logging files I access to the systemd journal & syslog. Some examples:

May  1 16:43:33 Zia org.kde.ActivityManager[4152]: Creating the cache for:  "applications:tora.desktop"
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: Already in database?  true
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:       First update :  QDateTime(2016-10-11 13:24:44.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:        Last update :  QDateTime(2018-05-01 14:48:00.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: After the adjustment
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:      Current score :  4.5649
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:       First update :  QDateTime(2016-10-11 13:24:44.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:        Last update :  QDateTime(2018-05-01 14:48:00.000 EDT Qt::TimeSpec(LocalTime))
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: Interval length is  0
May  1 16:43:33 Zia org.kde.ActivityManager[4152]:          New score :  5.5649
May  1 16:43:33 Zia org.kde.ActivityManager[4152]: ResourceScoreUpdated: "beff6de3-1dc1-42b8-ab3d-2510f77b2ddf" "org.kde.krunner" "applications:tora.desktop"
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: Creating the cache for:  "/mnt/Haruhi/netadmin/HPM Retention Comparison EXPORT.pdf"
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: Already in database?  true
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:       First update :  QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:        Last update :  QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: After the adjustment
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:      Current score :  0
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:       First update :  QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:        Last update :  QDateTime(2018-05-01 17:32:38.000 EDT Qt::TimeSpec(LocalTime))
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: Interval length is  21
May  1 17:33:32 Zia org.kde.ActivityManager[4152]:          New score :  0.35
May  1 17:33:32 Zia org.kde.ActivityManager[4152]: ResourceScoreUpdated: "beff6de3-1dc1-42b8-ab3d-2510f77b2ddf" "okular" "/mnt/Haruhi/netadmin/HPM Retention Comparison EXPORT.pdf"

while hopefully the database itself is in my home director and
mode go-rw, the same can't be said for syslog and journal. This violates
user privacy on a multi-user system as the sysadmin is expected to read
syslog, but respect the privacy of $HOME. In addition, syslog and
journal are available to members of group adm, who may not have root.

From the journal, it appears that kactivymanagerd may be speweing this
to stdout, which is ultimately being picked up by systemd (I think
that's what _TRANSPORT of stdout means):

{
   "_EXE" : "/usr/bin/dbus-daemon",
   "_GID" : "1000",
   "__CURSOR" : "[[redacted]]",
   "_SYSTEMD_OWNER_UID" : "1000",
   "_COMM" : "dbus-daemon",
   "_UID" : "1000",
   "_SYSTEMD_CGROUP" : "/user.slice/user-1000.slice/user@1000.service/dbus.service",
   "_MACHINE_ID" : "[[redacted]]",
   "_HOSTNAME" : "Zia",
   "_SYSTEMD_USER_SLICE" : "-.slice",
   "_BOOT_ID" : "[[redacted]]",
   "MESSAGE" : "Creating the cache for:  \"/mnt/Haruhi/netadmin/HPM Retention Comparison EXPORT.pdf\"",
   "__MONOTONIC_TIMESTAMP" : "1231383365390",
   "_CAP_EFFECTIVE" : "0",
   "_SYSTEMD_INVOCATION_ID" : "[[redacted]]",
   "__REALTIME_TIMESTAMP" : "1525210358022301",
   "_CMDLINE" : "/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only",
   "_TRANSPORT" : "stdout",
   "SYSLOG_IDENTIFIER" : "org.kde.ActivityManager",
   "_SYSTEMD_USER_UNIT" : "dbus.service",
   "PRIORITY" : "4",
   "_SYSTEMD_SLICE" : "user-1000.slice",
   "_SELINUX_CONTEXT" : "unconfined\n",
   "_AUDIT_SESSION" : "6",
   "_PID" : "4152",
   "_STREAM_ID" : "[[redacted]]",
   "_AUDIT_LOGINUID" : "1000",
   "_SYSTEMD_UNIT" : "user@1000.service"
}


-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'testing'), (200, 'unstable'), (150, 'stable'), (100, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.15.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en_GB (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages kactivitymanagerd depends on:
ii  kio                  5.44.0-2
ii  libc6                2.27-3
ii  libkf5configcore5    5.44.0-1
ii  libkf5coreaddons5    5.44.0-1
ii  libkf5dbusaddons5    5.44.0-1
ii  libkf5globalaccel5   5.44.0-1
ii  libkf5i18n5          5.44.0-1
ii  libkf5kiocore5       5.44.0-2
ii  libkf5service-bin    5.44.0-1
ii  libkf5service5       5.44.0-1
ii  libkf5windowsystem5  5.44.0-1
ii  libkf5xmlgui5        5.44.0-2+b1
ii  libqt5core5a         5.10.1+dfsg-5
ii  libqt5dbus5          5.10.1+dfsg-5
ii  libqt5gui5           5.10.1+dfsg-5
ii  libqt5sql5           5.10.1+dfsg-5
ii  libqt5sql5-sqlite    5.10.1+dfsg-5
ii  libqt5widgets5       5.10.1+dfsg-5
ii  libstdc++6           8-20180425-1

kactivitymanagerd recommends no packages.

kactivitymanagerd suggests no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

To: 897388-done@bugs.debian.org
Subject: Re: Bug#897388: Logs accessed files, etc. to syslog
From: Pino Toscano <pino@debian.org>
Date: Sat, 15 Feb 2020 17:37:13 +0100
Message-id: <5600812.RFdQ5ZbSH1@thyrus>
In-reply-to: <20180502110328.mfvcjlodsr4ra7cq@neoptolemo.gnuservers.com.ar>
References: <152521209364.21758.8433702356683018312.reportbug@Zia.metrics.net> <20180502110328.mfvcjlodsr4ra7cq@neoptolemo.gnuservers.com.ar>

Source: kactivitymanagerd
Source-Version: 5.13.1-1

In data mercoledì 2 maggio 2018 13:03:28 CET, Maximiliano Curia ha scritto:
> Control: forwarded -1 https://phabricator.kde.org/D12656
> 
> I'm not sure if bts link supports phabricator, let's see how this goes.

Sadly it does not...

> El 2018-05-01 a las 18:01 -0400, Anthony DeRobertis escribió:
> > Package: kactivitymanagerd
> > Version: 5.12.1-1
> > Severity: important
> 
> > Similar (but nowhere near as bad as) bug #805399, ActivityManager is
> > logging files I access to the systemd journal & syslog. Some examples:
> 
> > while hopefully the database itself is in my home director and
> > mode go-rw, the same can't be said for syslog and journal. This violates
> > user privacy on a multi-user system as the sysadmin is expected to read
> > syslog, but respect the privacy of $HOME. In addition, syslog and
> > journal are available to members of group adm, who may not have root.
> 
> > From the journal, it appears that kactivymanagerd may be speweing this
> > to stdout, which is ultimately being picked up by systemd (I think
> > that's what _TRANSPORT of stdout means):
> 
> Upstream already accepted a patch for this, so it would be solved in the next 
> release.

This was fixed upstream in kactivitymanaged 5.13.0, so closing with the
first version after it available in Debian (5.13.1-1).

Thanks,
-- 
Pino Toscano

Attachment: signature.asc
Description: This is a digitally signed message part.

--- End Message ---

Reply to:

Prev by Date: Bug#866996: marked as done (kde-style-breeze: [fixed upstream] dark themes lowlight active tab instead of highlighting)
Next by Date: Bug#903120: marked as done (Contains malformed Categories= entry)
Previous by thread: Bug#866996: marked as done (kde-style-breeze: [fixed upstream] dark themes lowlight active tab instead of highlighting)
Next by thread: Bug#903120: marked as done (Contains malformed Categories= entry)
Index(es):
- Date
- Thread