From b14396f9f86b6694471a9418024ffb39cf7abd47 Mon Sep 17 00:00:00 2001

From: Matej Habrnal <mhabrnal@redhat.com>

Date: Wed, 3 Aug 2016 12:43:51 +0200

Subject: [PATCH] cli: introduce unsafe reporting for not-reporable problems

Parameter unsafe ignores security checks and allows to report

not-reportable problems.

What makes the problem not reportable:

- A kernel problem occurred, but your kernel has been tainted

(flags:%s).

- A kernel problem occurred because of broken BIOS. Unfortunately, such

  problems are not fixable by kernel maintainers."

- The problem data are incomplete.

- Crashed application has locked memory regions

We have decided to call the new command line argument "unsafe" because

- either the reporter can leak some private data

- or the reporter could be facing anger from maintainers when they get

to the report

Related to #1257159

Related to abrt/abrt#1166

Signed-off-by: Matej Habrnal <mhabrnal@redhat.com>

---

 doc/abrt-cli.txt      |  7 +++++--

 src/cli/builtin-cmd.h |  8 +++++++-

 src/cli/process.c     | 34 ++++++++++++++++++++++++----------

 src/cli/report.c      | 27 ++++++++++++++++++++-------

 4 files changed, 56 insertions(+), 20 deletions(-)

diff --git a/doc/abrt-cli.txt b/doc/abrt-cli.txt

index 0f18784..87a74ad 100644

--- a/doc/abrt-cli.txt

+++ b/doc/abrt-cli.txt

@@ -13,13 +13,13 @@ SYNOPSIS

 'abrt-cli' remove  [-v]  DIR...

-'abrt-cli' report  [-v]  [--delete]  DIR...

+'abrt-cli' report  [-v]  [--delete] [--unsafe] DIR...

 'abrt-cli' info    [-v]  [--detailed] [-s SIZE] DIR...

 'abrt-cli' status  [-vb] [--since NUM]

-'abrt-cli' process [-v]  [--since NUM] DIR...

+'abrt-cli' process [-v]  [--since NUM] [--unsafe] DIR...

 GLOBAL OPTIONS

 --------------

@@ -49,6 +49,9 @@ COMMAND OPTIONS

 --since NUM::

     Selects only problems detected after timestamp

+-u, --unsafe::

+   Ignore security checks to be able to report all problems

+

 --until NUM::

     Selects only the problems older than specified timestamp

diff --git a/src/cli/builtin-cmd.h b/src/cli/builtin-cmd.h

index c6cd691..9773f13 100644

--- a/src/cli/builtin-cmd.h

+++ b/src/cli/builtin-cmd.h

@@ -24,7 +24,13 @@ extern int cmd_list(int argc, const char **argv);

 extern int cmd_remove(int argc, const char **argv);

 extern int _cmd_remove(const char **dirs_strv);

 extern int cmd_report(int argc, const char **argv);

-extern int _cmd_report(const char **dirs_strv, int remove);

+enum {

+    /* Remove successfully reported */

+    CMD_REPORT_REMOVE = 1 << 0,

+    /* Ignore security checks - i.e not-repotable */

+    CMD_REPORT_UNSAFE = 1 << 1,

+};

+extern int _cmd_report(const char **dirs_strv, int flags);

 extern int cmd_info(int argc, const char **argv);

 extern int _cmd_info(problem_data_t *problem_data, int detailed, int text_size);

 extern int cmd_status(int argc, const char **argv);

diff --git a/src/cli/process.c b/src/cli/process.c

index 401ef60..9ccc271 100644

--- a/src/cli/process.c

+++ b/src/cli/process.c

@@ -32,7 +32,7 @@ enum {

     ACT_SKIP

 };

-static int process_one_crash(problem_data_t *problem_data)

+static int process_one_crash(problem_data_t *problem_data, int report_flags)

 {

     if (problem_data == NULL)

         return ACT_ERR;

@@ -60,10 +60,10 @@ static int process_one_crash(problem_data_t *problem_data)

         const char *not_reportable = problem_data_get_content_or_NULL(problem_data, FILENAME_NOT_REPORTABLE);

         /* if the problem is not-reportable then ask does not contain option report(e) */

-        if (not_reportable != NULL)

-            action = ask(_("Actions: remove(rm), info(i), skip(s):"));

-        else

+        if ((report_flags & CMD_REPORT_UNSAFE) || not_reportable == NULL)

             action = ask(_("Actions: remove(rm), report(e), info(i), skip(s):"));

+        else

+            action = ask(_("Actions: remove(rm), info(i), skip(s):"));

         if(strcmp(action, "rm") == 0 || strcmp(action, "remove") == 0 )

         {

@@ -73,11 +73,12 @@ static int process_one_crash(problem_data_t *problem_data)

             ret_val = ACT_REMOVE;

         }

-        else if (not_reportable == NULL && (strcmp(action, "e") == 0 || strcmp(action, "report") == 0))

+        else if (((report_flags & CMD_REPORT_UNSAFE) || not_reportable == NULL)

+             && (strcmp(action, "e") == 0 || strcmp(action, "report") == 0))

         {

             log(_("Reporting '%s'"), dir_name);

             const char *dirs_strv[] = {dir_name, NULL};

-            _cmd_report(dirs_strv, /*do not delete*/0);

+            _cmd_report(dirs_strv, report_flags);

             ret_val = ACT_REPORT;

         }

@@ -98,7 +99,7 @@ static int process_one_crash(problem_data_t *problem_data)

     return ret_val;

 }

-static void process_crashes(vector_of_problem_data_t *crash_list, long since)

+static void process_crashes(vector_of_problem_data_t *crash_list, long since, int report_flags)

 {

     for (unsigned i = 0; i < crash_list->len; ++i)

@@ -117,7 +118,7 @@ static void process_crashes(vector_of_problem_data_t *crash_list, long since)

         if(i != 0)

             printf("\n");

-        int action = process_one_crash(crash);

+        int action = process_one_crash(crash, report_flags);

         if (i != crash_list->len - 1)

         {

@@ -135,23 +136,36 @@ static void process_crashes(vector_of_problem_data_t *crash_list, long since)

 int cmd_process(int argc, const char **argv)

 {

     const char *program_usage_string = _(

+        "& process [options]\n"

+        "\n"

         "Without --since argument, iterates over all detected problems."

     );

+    enum {

+        OPT_v = 1 << 0,

+        OPT_s = 1 << 1,

+        OPT_u = 1 << 2,

+    };

+

     int opt_since = 0;

     struct options program_options[] = {

         OPT__VERBOSE(&g_verbose),

         OPT_INTEGER('s', "since" , &opt_since,  _("Selects only problems detected after timestamp")),

+        OPT_BOOL(   'u', "unsafe", NULL,        _("Ignore security checks to be able to "

+                                                  "report all problems")),

         OPT_END()

     };

-    parse_opts(argc, (char **)argv, program_options, program_usage_string);

+    unsigned opts = parse_opts(argc, (char **)argv, program_options, program_usage_string);

     vector_of_problem_data_t *ci = fetch_crash_infos();

     g_ptr_array_sort_with_data(ci, &cmp_problem_data, (char *) FILENAME_LAST_OCCURRENCE);

-    process_crashes(ci, opt_since);

+    int report_flags = 0;

+    if (opts & OPT_u)

+        report_flags |= CMD_REPORT_UNSAFE;

+    process_crashes(ci, opt_since, report_flags);

     free_vector_of_problem_data(ci);

diff --git a/src/cli/report.c b/src/cli/report.c

index cc4035e..1e9067b 100644

--- a/src/cli/report.c

+++ b/src/cli/report.c

@@ -22,7 +22,7 @@

 #include "abrt-cli-core.h"

 #include "builtin-cmd.h"

-int _cmd_report(const char **dirs_strv, int remove)

+int _cmd_report(const char **dirs_strv, int flags)

 {

     int ret = 0;

     while (*dirs_strv)

@@ -39,10 +39,14 @@ int _cmd_report(const char **dirs_strv, int remove)

         const int not_reportable = test_exist_over_dbus(real_problem_id, FILENAME_NOT_REPORTABLE);

         if (not_reportable != 0)

         {

-            error_msg(_("Problem '%s' cannot be reported"), real_problem_id);

-            free(real_problem_id);

-            ++ret;

-            continue;

+            if (!(flags & CMD_REPORT_UNSAFE))

+            {

+                error_msg(_("Problem '%s' cannot be reported"), real_problem_id);

+                free(real_problem_id);

+                ++ret;

+                continue;

+            }

+            log_info(_("Problem '%s' is labeled as 'not-reportable'?"), real_problem_id);

         }

         const int res = chown_dir_over_dbus(real_problem_id);

@@ -58,7 +62,7 @@ int _cmd_report(const char **dirs_strv, int remove)

                                            | LIBREPORT_RUN_CLI);

         /* the problem was successfully reported and option is -d */

-        if(remove && (status == 0 || status == EXIT_STOP_EVENT_RUN))

+        if((flags & CMD_REPORT_REMOVE) && (status == 0 || status == EXIT_STOP_EVENT_RUN))

         {

             log(_("Deleting '%s'"), real_problem_id);

             delete_dump_dir_possibly_using_abrtd(real_problem_id);

@@ -82,11 +86,14 @@ int cmd_report(int argc, const char **argv)

     enum {

         OPT_v = 1 << 0,

         OPT_d = 1 << 1,

+        OPT_u = 1 << 2,

     };

     struct options program_options[] = {

         OPT__VERBOSE(&g_verbose),

         OPT_BOOL('d', "delete", NULL, _("Remove PROBLEM_DIR after reporting")),

+        OPT_BOOL('u', "unsafe", NULL, _("Ignore security checks to be able to "

+                                        "report all problems")),

         OPT_END()

     };

@@ -101,5 +108,11 @@ int cmd_report(int argc, const char **argv)

     load_abrt_conf();

     free_abrt_conf_data();

-    return _cmd_report(argv, opts & OPT_d);

+    int report_flags = 0;

+    if (opts & OPT_d)

+        report_flags |= CMD_REPORT_REMOVE;

+    if (opts & OPT_u)

+        report_flags |= CMD_REPORT_UNSAFE;

+

+    return _cmd_report(argv, report_flags);

 }

-- 

1.8.3.1