Automated submission of kernel panic reports

[Adam McDougall]

On 10/29/2013 06:32, Colin Percival wrote:
> Hi all,
> 
> I've written some code for automatically submitting kernel panic reports,
> and I'd like some feedback before I place it into the ports tree.
>
> If ${panicmail_autosubmit} is set to NO, an email is sent to root containing
> the panic data in both decrypted and encrypted forms.  The system administrator
> can then review the information and decide whether to allow it to be submitted.
> Such emails look like this:
>   http://pastebin.com/w18pXah8
> 
> The code is in
>   http://svnweb.freebsd.org/base/user/cperciva/panicmail/
> and it uses my FreeBSD-base-system-only public-key encryption code:
>   http://svnweb.freebsd.org/base/user/cperciva/pkesh/
> 
> My plan is to get this into the ports tree, encourage people to install and
> enable it, and then assuming it proves useful see it added into the FreeBSD
> base system some day.  At least initially I'd have panics coming to me, using
> an encryption key which I hold; if/when it enters the FreeBSD base system,
> some decision would need to be made (by core?) as to who should have access
> to the panics.
> 
> Comments?
> 

The first thing that comes to mind is privacy so I looked at the
information being submitted.  Would it be possible to replace the
hostname(s) and kernel config paths in the report with a hash by
default?  That way a site could still match up reports to internal
hostnames without revealing anything specific about the source system.
The hostname is only needed to differentiate sources and is not
guaranteed to be unique anyway.  Just thinking ahead about the
information being obtained and reducing what is transmitted/stored in
case it somehow falls into the wrong hands at some point in the future.
Aside from that, I like it and would consider running it myself as long
as I have appropriate control over the content.  Thanks.