Package: libpam-encfs
Version: 0.1.2-4
Severity: important
Tags: patch

Hi all,

First, I wan't to say that I hesitate to put it as grave, since I think
this can be a kind of security hole. But since
1) that's not a default configuration
2) not so much people use it :) (I guess, or I'm a martian using encfs
the way I use it :)
3) I perhaps doesn't understand how it should work ...
4) It depends on what you want as default behavior.
I only put it as important.

Anyway, here's the steps to reproduce :
Create a "encrypt" user, I mean with a home directory using the encfs
utilities.
Create a "normal" user.
Config pam as specified in the README.Debian :

-- 8< -- /etc/pam.d/common-auth -- 8< --
auth    sufficient      pam_encfs.so
auth    required        pam_unix.so nullok_secure use_first_pass
-- 8< --

use the default configuration file /etc/pam_encfs.conf (more about this
file later)
Login as the normal user : it's failing complaining about not able to
read /home/.enc/encrypt/.encfs5 ... then the login is waiting for
creating the new encrypted dir ... so you need to Ctrl+C to try a new
time ...
Login as the encrypt user : ok your logged !
In another console, try to loggin as the normal user : it works !
So here is a possible security hole: if you intend that somebody without
an encrypted home dir should not be able to log in, he still can ... aïe.

I wrote the patch attached to partialy correct this behavior : at least
evrybody with or without an encrypted home dir will be able to log in. I
take the
time to correct some warnings (not all, but most of them) too.

Ok, back to the default conf file : why the maintainer let it's user
name in the file ??? (and not commented).

I suggest too, to put somewhere that the password for the encfs
NEED to be the SAME as the unix login ... that's a serious weakness in
my mind ... if somebody was able to crack the login password, it could
read the encrypted data's ... So in the same time, I suggest to put a
warning, to explain that you need to put the .encfs5 on another device
like an USBkey + automount it for reading this file (a link from
/home/.enc/encrypt/.encfs5 to /var/autofs/removable/uba/encfs5, could be
a start for a better security) NOTE : this can't work with actual code.

Hope this help,
I'm ok to discuss issue.

Regards,
Benoît.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12dsdt
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages libpam-encfs depends on:
ii  encfs                         1.2.4.1-2  encrypted virtual filesystem
ii  libc6                         2.3.5-8    GNU C Library: Shared
libraries an
ii  libpam0g                      0.79-3     Pluggable Authentication
Modules l

libpam-encfs recommends no packages.

-- no debconf information
--- libpam-encfs-0.1.2-orig/pam_encfs.c 2006-01-22 15:14:36.000000000 +0100
+++ libpam-encfs-0.1.2/pam_encfs.c      2006-01-22 15:46:45.000000000 +0100
@@ -69,6 +69,7 @@
 #include <malloc.h>
 #include <stdarg.h>
 #include <stdio.h>
+#include <stdlib.h>
 
 #include <sys/ioctl.h>
 #include <fcntl.h>
@@ -173,7 +174,7 @@
 }
 
 
-int checkmnt(char *targetpath) {
+int checkmnt(const char *targetpath) {
   FILE *f = setmntent("/etc/mtab", "r");
   struct mntent *m;
   
@@ -193,7 +194,7 @@
   char *str;
   do {
     str =  strchr(line,',');
-    if (str > NULL) {
+    if (str != NULL) {
       *str = ' ';
     }
   } while (str != NULL);
@@ -217,7 +218,7 @@
   char line[BUFSIZE];
   char username[USERNAME_MAX];
   int parsed;
-  char *tmp;
+  const char *tmp;
   
   // Return 1 = error, 2 = silent error (ie already mounted)
   
@@ -262,6 +263,9 @@
           // Todo check if this dir exists and give better error msg
         }
       }
+      else
+          //If we are not the right user, just read next line !!!!
+          continue;
       
       if (strcmp("-",targetpath) == 0) {
         // We do not have targetpath, construct one.
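Review bot: The added `else` has an unbraced body with a comment line between `else` and `continue;`, which is easy to break when a second statement is added later; write it as `else { continue; }` with the comment inside the braces. More important for the reported problem, once non-matching lines are skipped the loop can finish without finding any entry for the user, and the value returned in that case decides whether `auth sufficient pam_encfs.so` lets the login through without `pam_unix` ever checking the password. The end of the loop and the caller are outside this hunk, so confirm that the no-entry path maps to a non-success code such as `PAM_IGNORE` or `PAM_AUTH_ERR` rather than `PAM_SUCCESS`.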
@@ -355,7 +359,10 @@
   int inpipe[2],outpipe[2];
   
   rval = pam_get_user(pamh, &user, NULL);
-  if ((rval != PAM_SUCCESS) || (!user)) {
+  if (rval != PAM_SUCCESS)
+      return rval;
+
+  if (!user) {
     _pam_log ( LOG_ERR, "can't get username: %s", pam_strerror ( pamh, rval ) 
);
     return PAM_AUTH_ERR;
   }
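Review bot: After the split, the `if (!user)` branch is reached only when `rval == PAM_SUCCESS`, so `pam_strerror(pamh, rval)` there logs a success string for a failure, while the new `return rval;` path fails with no log entry at all. Log in the failing branch instead, `if (rval != PAM_SUCCESS) { _pam_log(LOG_ERR, "can't get username: %s", pam_strerror(pamh, rval)); return rval; }`, and drop the `%s` argument from the NULL-user message. The second `pam_get_item` check further down (`if (rval != PAM_SUCCESS) return rval;`) has the same silent return, which makes failed authentications harder to trace in the auth log. The function body starts and ends outside this hunk.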
@@ -363,7 +370,7 @@
   rval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)(void *)&passwd);
   if (rval != PAM_SUCCESS) {
     _pam_log(LOG_ERR, "Could not retrieve user's password");
-    return PAM_AUTH_ERR;
+    return rval;
   }
   
   if (!passwd) {
@@ -372,7 +379,9 @@
       return rval;
     }
     rval = pam_get_item(pamh, PAM_AUTHTOK, (const void **)(void *)&passwd);
-    if (rval != PAM_SUCCESS || passwd == NULL) {
+    if (rval != PAM_SUCCESS)
+        return rval;
+    if(passwd == NULL) {
       _pam_log(LOG_ERR, "Could not retrieve user's password");
       return PAM_AUTH_ERR;
     }
@@ -552,7 +561,7 @@
   int retval;
   pid_t pid;
   const char *targetpath;
-  char *args[4];
+  const char * args[4];
   
 //  _pam_log(LOG_ERR,"Geteuid : %d",geteuid());
 
@@ -572,7 +581,7 @@
   switch(pid=fork()) {
     case -1: _pam_log(LOG_ERR,"Fork failed");
              return PAM_SERVICE_ERR;
-    case 0:execvp("fusermount",args);
+    case 0:execvp("fusermount",(char * const *)args);
            char errstr[128];
            snprintf(errstr,127,"%d - %s",errno,strerror(errno));
            _pam_log(LOG_ERR,"Exec failed - %s",errstr);
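Review bot: The rewritten `execvp("fusermount", ...)` line still resolves the helper through `PATH`, and this code runs inside whatever privileged program loaded the PAM module, so which binary is executed depends on the calling process's environment. Prefer an absolute path with `execv`, for example `execv(FUSERMOUNT_PATH, argv)`, where `FUSERMOUNT_PATH` is a placeholder for a build-time constant. The `(char * const *)` cast only hides the qualifier mismatch created by declaring `args` as `const char *` in the previous hunk; a `char *` array with casts on the string literals would keep the call itself cast-free. The rest of the `case 0` branch is outside the hunk, so make sure the child ends with `_exit()` after a failed exec rather than continuing into the PAM stack.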
@@ -585,7 +594,7 @@
       return PAM_SERVICE_ERR;
   }*/
   
-  return PAM_IGNORE;
+  return PAM_SUCCESS;
 }
 PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh,
                                  int flags,
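Review bot: `return PAM_SUCCESS;` is now unconditional, and the lines just above it show that the block returning `PAM_SERVICE_ERR` is commented out, so as far as this hunk shows the function reports success even when the `fusermount` child failed or nothing was mounted for this user. Consider returning `PAM_SUCCESS` only after the child's exit status has been checked (e.g. via `waitpid`) and keeping `PAM_IGNORE` for users with no encfs entry. The function starts outside this hunk, so which PAM hook this is and how its result is weighted in the stack should be confirmed against the full file.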
