Mailinglist Archive: opensuse-bugs (4794 mails)

< Previous Next >
[Bug 1051248] New: VUL-0: PlayOnLinux: privacy issues
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 28 Jul 2017 15:11:22 +0000
  • Message-id: <>

Bug ID: 1051248
Summary: VUL-0: PlayOnLinux: privacy issues
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: ecsos@xxxxxxxxxxx
Reporter: astieger@xxxxxxxx
QA Contact: security-team@xxxxxxx
CC: astieger@xxxxxxxx, ecsos@xxxxxxxxxxx,
simon.herrmann@xxxxxxxxx, stefan@xxxxxxxxxxxx
Found By: Security Response Team
Blocker: ---

+++ This bug was initially created as a clone of Bug #1051224 +++

In PlayOnLinux ./bash/run_app:

# Unique anonymous id (autorisation to edit the review)
if [ ! -e "$POL_USER_ROOT/configurations/reports/$PACKAGE" ]; then
UniqId="$(perl -e 'print int(rand(10000000000000000))')"
UniqId="$(cat "$POL_USER_ROOT/configurations/reports/$PACKAGE")"
# Wine version
Prefix="$(POL_Shortcut_GetPrefix "$PACKAGE")"
Version="$(POL_Config_PrefixRead VERSION "$Prefix")"
PArch="$(POL_Config_PrefixRead ARCH "$Prefix")"
[ "$PArch" = "x86" ] && archty="0" || archty="1"
# AMD64
[ "$AMD64_COMPATIBLE" = "True" ] && amd64_set="1" || amd64_set="0"

if [ "$ScriptName" ]; then
# Device Infos - Could also directly use POL_DetectVideoCards for full
POL_LoadVar_Device --non-interactive

| POL_base64)"
"$(POL_Website_urlencode "$Info")"
echo "$UniqId" > "$POL_USER_ROOT/configurations/reports/$PACKAGE"

This uploads a user-identifying ID with all hardware information in PLAIN to a
third party.
This should be HTTPS at least, NOT use a unique ID unless the user is informed,
and be default off anyway.

You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
This Thread
  • No further messages