[Ecryptfs-devel] Bugs?

Fri, 29 Feb 2008 03:29:03 -0800 

Dear All,

 

I am currently experimenting with eCryptfs and a Siemens CardOS Smartcard. I
got it to work, although having some problems due to lacking documentation.
However, I noticed some issues which I would like to detail in the
following. For most of these issues I have been using
linux-2.6.23.15-80.fc7, ecryptfs-utils-40 and pkcs11-helper-1.05. The utils
and helper packages have been compiled from source.

 

I'd like to begin with two issues which seem to affect only the
pkcs11_helper-module.

1.       Entering a PIN via ssh-askpass (or equivalent) does NOT work, the
kernel<->userspace communication seems to be disrupted by the fork() in
daemon.c::prompt_callback(). (I already saw this issue floating around some
time ago..). And yes, I set the timeout value to "10".

2.       None of the parameters in ~/.ecryptfsrc.pkcs11 for pkcs11-provider
(e.g. name=xy,library=xy..) seems to be optional, in case the line beginning
with pkcs11-provider does not end with private-mask=xy, the provider library
will not be loaded and eCryptfs will fail with meaningless messages (at
least in non-debug mode).

 

The following issues seems to be a problem of eCryptfs itself:

3.       When using kernel 2.6.24 and loading the ecryptfs module,
everything is fine. When I start the ecryptfsd the system crashes (I'm
starting ecryptfsd as root). The funny thing is, it _did_ work in a virtual
machine, but on the host it fails. I did recompile ecryptfs-utils-40 for
linux-2.6.24, although I'm not sure whether it makes any difference.

4.       <!> Data gets corrupted when I do something like the following
(using the pkcs11_helper key module..) <!>

$ mkdir secret

$ mount -t ecryptfs secret secret

$ echo "abc" > secret/test

$ cat secret/test

abc

$ umount secret

$ mount -t ecryptfs secret secret

$ echo "def" >> secret/test

$ cat secret/test

def

                For longer strings (instead of "abc") this looks even worse
and cat shows some weird content, with "def" at the end.

 

In case you need further information, please let me know.

 

Regards,

Benedikt Driessen

Attachment: PGP.sig
Description: PGP signature

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
eCryptfs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ecryptfs-devel

Reply via email to