From a16d12d27e5c12f3e4ab5defaf775a692c405206 Mon Sep 17 00:00:00 2001
From: Jakub Filak <jfilak@redhat.com>
Date: Wed, 11 Nov 2015 13:19:35 +0100
Subject: [PATCH] ccpp: make crashes of processes with locked memory
 not-reportable

Let's begin with a simple policy preventing users from accidental
publication of problem data with security sensitive data.

"not-reportable" problems can still be auto-reported. That is not a
security issue because uReports do not contain any user data stored in
process' memory (only stack-trace without values of local|global variables
and function arguments).

Related to #796.

Signed-off-by: Jakub Filak <jfilak@redhat.com>
---
 src/hooks/abrt-hook-ccpp.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/hooks/abrt-hook-ccpp.c b/src/hooks/abrt-hook-ccpp.c
index 809b45e..4b79900 100644
--- a/src/hooks/abrt-hook-ccpp.c
+++ b/src/hooks/abrt-hook-ccpp.c
@@ -868,6 +868,27 @@ int main(int argc, char** argv)
 
         dd_save_text(dd, FILENAME_ABRT_VERSION, VERSION);
 
+        /* In case of errors, treat the process as if it has locked memory */
+        long unsigned lck_bytes = ULONG_MAX;
+        const char *vmlck = strstr(proc_pid_status, "VmLck:");
+        if (vmlck == NULL)
+            error_msg("/proc/%s/status does not contain 'VmLck:' line", pid_str);
+        else if (1 != sscanf(vmlck + 6, "%lu kB\n", &lck_bytes))
+            error_msg("Failed to parse 'VmLck:' line in /proc/%s/status", pid_str);
+
+        if (lck_bytes)
+        {
+            log_notice("Process %s of user %lu has locked memory",
+                        pid_str, (long unsigned)uid);
+
+            dd_mark_as_notreportable(dd, "The process had locked memory "
+                    "which usually indicates efforts to protect sensitive "
+                    "data (passwords) from being written to disk.\n"
+                    "In order to avoid sensitive information leakages, "
+                    "ABRT will not allow you to report this problem to "
+                    "bug tracking tools");
+        }
+
         if (setting_SaveBinaryImage)
         {
             if (save_crashing_binary(pid, dd))
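Review bot: the `strstr(proc_pid_status, "VmLck:")` lookup is not anchored to the start of a line, so it takes the first occurrence of that text anywhere in the status buffer, including fields that come before the real `VmLck:` line such as `Name:`, whose content is set by the process itself. Since this check is a policy gate, please match at a line boundary (for example search for "\nVmLck:" and skip 7 characters) so that only the kernel-written field is parsed. Two smaller points in the same block: `lck_bytes` holds the number parsed by "%lu kB", so it is kilobytes and a name like `lck_kb` would be accurate; and when the line is missing or unparsable the fail-closed default of `ULONG_MAX` still produces the "has locked memory" notice and the "The process had locked memory" reason, which is misleading for the user, so consider a separate message for the could-not-determine case while keeping the not-reportable outcome.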
-- 
2.6.3