From owner-freebsd-hackers@FreeBSD.ORG Tue Oct 29 23:27:11 2013
Message-ID: <527043F6.7070802@freebsd.org>
Date: Tue, 29 Oct 2013 16:25:42 -0700
From: Colin Percival
To: Adam McDougall, freebsd-hackers@freebsd.org
Subject: Re: Automated submission of kernel panic reports
References: <526F8EB3.1040205@freebsd.org> <526FE7ED.5000903@egr.msu.edu>
In-Reply-To: <526FE7ED.5000903@egr.msu.edu>
List-Id: Technical Discussions relating to FreeBSD

On 10/29/13 09:53, Adam McDougall wrote:
> On 10/29/2013 06:32, Colin Percival wrote:
>> If ${panicmail_autosubmit} is set to NO, an email is sent to root containing
>> the panic data in both decrypted and encrypted forms. The system administrator
>> can then review the information and decide whether to allow it to be submitted.
>> Such emails look like this:
>> http://pastebin.com/w18pXah8
>>
>> Comments?
>
> The first thing that comes to mind is privacy, so I looked at the
> information being submitted. Would it be possible to replace the
> hostname(s) and kernel config paths in the report with a hash by
> default? That way a site could still match up reports to internal
> hostnames without revealing anything specific about the source system.
> The hostname is only needed to differentiate sources and is not
> guaranteed to be unique anyway. Just thinking ahead about the
> information being obtained and reducing what is transmitted/stored in
> case it somehow falls into the wrong hands at some point in the future.
> Aside from that, I like it and would consider running it myself as long
> as I have appropriate control over the content. Thanks.
The hostname could be filtered, but depending on how the panic report is
submitted there's a good chance that it would be leaked anyway via email
headers, so I figured it was better to make it obvious that it was being sent.

The kernel config path I think will be very useful to have when it comes to
tracking down the cause of a panic -- if there's a panic which keeps on
happening with kernels named "DTRACE" but not kernels named "GENERIC", it
gives us a hint of where to look. I considered including the entire output of
`sysctl -n kern.conftxt` but decided that might be too intrusive.

Note: The purpose of the encryption is to protect "private" information in
these reports from becoming public -- my intention is that access to the raw
reports would be limited to a select group within the project.

-- 
Colin Percival
Security Officer Emeritus, FreeBSD | The power to serve
Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid
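The hostname pseudonymization Adam asks for, worked through as an added example; this is not code from the thread or from panicmail itself. Hostnames are low-entropy, so a bare hash can be reversed with a dictionary of plausible names; the example therefore uses a keyed hash (HMAC-SHA256 under a key the site keeps) so the site can still match a report to a host in its own inventory while someone holding only the report cannot. The kernel config path is left untouched, following Colin's point that it is diagnostically useful. The report text, hostname, inventory and key below are constructed, and the `Hostname:` line format is an assumption, not panicmail's actual report layout.

```python
"""Keyed-hash pseudonymization of hostnames in a panic report (illustration)."""
import hashlib
import hmac
import re

# Constructed sample, loosely modelled on a panic report; all values are made up.
SAMPLE_REPORT = """\
Hostname: build7.corp.example.com
Kernel: FreeBSD 10.0-BETA2 #0: /usr/obj/usr/src/sys/DTRACE
panic: page fault while in kernel mode
"""
SAMPLE_HOSTNAME = "build7.corp.example.com"
SITE_KEY = b"constructed-site-secret-keep-out-of-the-report"
# A site's own inventory; only the site holds this list and SITE_KEY.
SITE_INVENTORY = ["build7.corp.example.com", "db1.corp.example.com",
                  "www2.corp.example.com"]


def hostname_pseudonym(hostname: str, site_key: bytes) -> str:
    """Stable, keyed pseudonym: same host + same key -> same token.

    Hostnames are case-insensitive, so normalize before hashing."""
    digest = hmac.new(site_key, hostname.lower().encode(), hashlib.sha256)
    return "host-" + digest.hexdigest()[:16]


def pseudonymize_report(report: str, hostname: str, site_key: bytes) -> str:
    """Replace the FQDN and its bare short name with the pseudonym.

    Everything else (kernel config path, panic string) is left as-is."""
    pseudo = hostname_pseudonym(hostname, site_key)
    short = hostname.split(".")[0]
    out = report.replace(hostname, pseudo)
    # Bare short name as a whole word only; a short name that is also a
    # common word in the report would need a tighter pattern than this.
    out = re.sub(r"\b" + re.escape(short) + r"\b", pseudo, out)
    return out


def match_pseudonym(pseudo: str, inventory, site_key: bytes):
    """Site-side lookup: which known host produced this report?

    Returns None if no inventory entry matches (or the key is wrong)."""
    for host in inventory:
        if hmac.compare_digest(hostname_pseudonym(host, site_key), pseudo):
            return host
    return None


def recover_unkeyed(digest_hex: str, candidates):
    """Why a bare hash is not a pseudonym: a guess list recovers the host."""
    for host in candidates:
        if hashlib.sha256(host.lower().encode()).hexdigest() == digest_hex:
            return host
    return None


if __name__ == "__main__":
    print(pseudonymize_report(SAMPLE_REPORT, SAMPLE_HOSTNAME, SITE_KEY))
```

The site runs `match_pseudonym` against its inventory to tie a submitted report back to a machine; anyone else sees only an opaque token. Note that this only covers the report body: as Colin points out above, the submitting MTA may still put the hostname into mail headers.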