Collect Sensitive Host info and make it public via Bugzilla

VERIFIED DUPLICATE of bug 323969

Status

Bugzilla
Administration
--
enhancement
12 years ago
12 years ago

People

(Reporter: Ray Malitzke, Unassigned)

Description

12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b4) Gecko/20050913 SeaMonkey/1.0a
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b4) Gecko/20050913 SeaMonkey/1.0a

This is not a Bugzilla technical problem per se, but a well-intentioned misuse of Bugzilla and underlying database features.
One major Bugzilla user organization encourages users, when filing bugs or seeking help, to submit a host of info: e.g. `uname -a`, compiler (gcc-4.0.2), glibc (glibc-2.3.5), kde (kde-3.5), ipv6, CFLAGS="....", CXXFLAGS="....", OS-headers="2.6.11.3", graphics-card="Savage4", python-2.x.y, etc., etc.
I am not a security expert (just a 20-year-plus UNIX user) but I consider that making such detailed info available on the Internet potentially plays into the hands of criminal elements.
I have exhausted my powers of persuasion (via their Bugzilla) to get a review started. I do not want to embarrass them publicly by disclosing their name here.
I hope the Mozilla (Bugzilla) organization would issue a general security alert to Bugzilla administrators to reconsider their policy on collecting and disseminating sensitive information.

Reproducible: Sometimes

Steps to Reproduce:
1. Not all users fall into the trap.

Actual Results:  
not applicable

Expected Results:  
not applicable

I am at your disposal to help. However, I would prefer to do so via direct communication. I have read and agree with your security policy. This is, strictly speaking, not a problem of the Bugzilla Organization. I am just hoping you would look into the problem, as I perceive it.
I looked at the CERT site and did not find anything resembling this as a potential hazard. If you believe that it belongs in a more general category under CERT, please advise.

Comment 1

12 years ago

*** This bug has been marked as a duplicate of 323969 ***
Group: webtools-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Status: RESOLVED → VERIFIED