Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 10 Apr 2012, Kevin Kofler wrote:


From a technical standpoint, working on core files means you have to dump
core and then attach to the core file after the fact when you could just
backtrace right when the crash happened. A waste of disk space, and a
security risk (you're making RAM contents persistent, and ABRT even allows
you to upload them to a public bug tracker!).


It could be written to tmpfs if you really think this is an issue. I see
the crashing program as a bigger security risk than writing crash data
my (encrypted) disk.


From a practical standpoint, ABRT is a distro-level solution which reports
to the distro bug tracker rather than an upstream solution. Isn't Fedora
about working with upstream? This also implies we need to triage all the
ABRT bugs and forward them upstream (because the kind of users who files
reports through ABRT most definitely won't report it upstream themselves).


I have been upstream for openswan for about 8 years, and I can tell you
that the single reason for reporting bugs to upstream is if they really
need to get openswan working and they can't. At most, they report
straight into the RHBZ without ever bothering to contact upstream.


It also means that ABRT doesn't have access to the KAboutData information
(application name, version, bug tracker or e-mail address to use etc.),
whereas KCrash intercepts the crash from within the application (where that
data is available) and passes all that information to DrKonqi. In my
experience, bugs we receive from ABRT usually just bitrot, bugs filed
upstream by DrKonqi stand a much higher chance to actually get fixed.


Again, as upstream, I'd rather not maintain my own separate "automatic
bug receiving, triaging duplicates and processing" system.

I think GUI apps have much different reporting profiles then other
components, since they are affecting the user right there and then, and
they can click to report with 0 effort. Count yourself lucky.

Paul
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux