ApportAbortHandlerSpec
Differences between revisions 1 and 3 (spanning 2 versions)
|
Size: 2628
Comment:
|
Size: 2217
Comment: rough draft
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| ## page was renamed from SpecApportAbortHandler | |
| Line 10: | Line 11: |
| This should provide an overview of the issue/functionality/change proposed here. Focus here on what will actually be DONE, summarising that so that other people don't have to read the whole spec. See also CategorySpec for examples. | Apport currently ignore crashes that ending SIGABRT. Two kinds of crashes would be valuable to catch: assert() failures, and internal glibc failures via *_chk(). Glibc will be modified to make the crash string available, and apport will be modified to record aborts for later analysis. |
| Line 14: | Line 15: |
| This section should include a paragraph describing the end-user impact of this change. It is meant to be included in the release notes of the first release in which it is implemented. (Not all of these will actually be included in the release notes, at the release manager's discretion; but writing them is a useful exercise.) It is mandatory. |
Apport is now able to collect crash details from assertion and internal glibc failures. In the case of crashes where this information is not available, Apport will report such crashes as being skipped. |
| Line 20: | Line 19: |
| This should cover the _why_: why is this change being proposed, what justifies it, where we see this justified. | It is valuable to leverage the automatic crash reporting features of apport, especially to catch buffer overflows, etc, getting detected by FORTIFY_SOURCE. Having apport ignore the crashes makes it harder for users to catch and report these bugs. |
| Line 24: | Line 23: |
| == Assumptions == | * Tony runs a program that crashes via SIGABRT with a glibc *_chk() failure. Apport records the assertion string and coredump. Tony is prompted to report the bug to Ubuntu. * Aaron runs a program that crashes via SIGABRT with an assert() failure. Apport records the assertion string and coredump. Tony is prompted to report the bug to Ubuntu. * Sean runs a program that just calls abort() instead of assert(). Apport records the crash. Tony is prompted for crashes later, and Apport explains why it will not file this crash, as it lacks useful details. |
| Line 28: | Line 31: |
| You can have subsections that better describe specific parts of the issue. | * Apport needs a way to distinguish "useful" aborts from "useless" aborts so it can save and report the "useful" aborts. |
| Line 32: | Line 35: |
| This section should describe a plan of action (the "how") to implement the changes discussed. Could include subsections like: |
|
| Line 36: | Line 37: |
| Should cover changes required to the UI, or specific UI that is required to implement this | * apport needs to describe "useless" abort crashes and how it will not be reporting them. |
| Line 40: | Line 41: |
| Code changes should include an overview of what needs to change, and in some cases even the specific details. === Migration === Include: * data migration, if any * redirects from old URLs to new ones, if any * how users will be pointed to the new way of doing things, if necessary. == Test/Demo Plan == It's important that we are able to test new features, and demonstrate them to users. Use this section to describe a short plan that anybody can follow that demonstrates the feature is working. This can then be used during testing, and to show off after release. Please add an entry to http://testcases.qa.ubuntu.com/Coverage/NewFeatures for tracking test coverage. This need not be added or completed until the specification is nearing beta. == Unresolved issues == This should highlight any issues that should be addressed in further specifications, and not problems with the specification itself; since any specification with problems cannot be approved. == BoF agenda and discussion == Use this section to take notes during the BoF; if you keep it in the approved spec, use it for summarising what was discussed and note any options that were rejected. |
* glibc will be modified to retain the assert/fatal message string in an exported global variable pointer. * apport will be modified to look for the global variable ("__assert_msg") when building up the crash report. |
Launchpad Entry: security-karmic-apport-abort
Created: 2009-06-02
Contributors: kees, pitti
Packages affected: glibc, apport
Summary
Apport currently ignore crashes that ending SIGABRT. Two kinds of crashes would be valuable to catch: assert() failures, and internal glibc failures via *_chk(). Glibc will be modified to make the crash string available, and apport will be modified to record aborts for later analysis.
Release Note
Apport is now able to collect crash details from assertion and internal glibc failures. In the case of crashes where this information is not available, Apport will report such crashes as being skipped.
Rationale
It is valuable to leverage the automatic crash reporting features of apport, especially to catch buffer overflows, etc, getting detected by FORTIFY_SOURCE. Having apport ignore the crashes makes it harder for users to catch and report these bugs.
User stories
- Tony runs a program that crashes via SIGABRT with a glibc *_chk() failure. Apport records the assertion string and coredump. Tony is prompted to report the bug to Ubuntu.
- Aaron runs a program that crashes via SIGABRT with an assert() failure. Apport records the assertion string and coredump. Tony is prompted to report the bug to Ubuntu.
- Sean runs a program that just calls abort() instead of assert(). Apport records the crash. Tony is prompted for crashes later, and Apport explains why it will not file this crash, as it lacks useful details.
Design
- Apport needs a way to distinguish "useful" aborts from "useless" aborts so it can save and report the "useful" aborts.
Implementation
UI Changes
- apport needs to describe "useless" abort crashes and how it will not be reporting them.
Code Changes
- glibc will be modified to retain the assert/fatal message string in an exported global variable pointer.
apport will be modified to look for the global variable ("assert_msg") when building up the crash report.
SecurityTeam/Specifications/Karmic/ApportAbortHandlerSpec (last edited 2009-11-25 19:04:56 by c-76-105-168-175)