On Fri, Feb 4, 2011 at 12:29 PM, kapetr <[email protected]> wrote:
> Hello,
>
> I'm new to using eCryptfs, but the first test does not let me
> sleep.
>
> I'm using Ubuntu 10.10 - standard installation.
>
> Let's see my steps:
>
> 1. I mount (as root or with sudo) my first eCryptfs in user1 subdirs
> with passwd1.
> 2. the key is ONLY in keyring @u of root, NOT by user1 - but:
>
> user1 can create and read files in that FS (file system), root can
> do the same.
>
> ?? How can user1 work with files in this FS even if user1 has no key
> in his keyring ?!!!
>
> 3. root clears his keyring with keyctl clear @u, but the FS is
> usable further ??!!
>
> 4. root unmounts this FS and mounts it again with another password
> passwd2
>
> 5. user1 can not see content of previous files (but can see
> names/size in "ls") and can create new files - AGAIN WITHOUT key
>
> 5. user1 adds passwd1 with ecryptfs-manager - so passwd2-key is in
> @keyring of root and passwd1-key is in keyring of user1
>
> 6. user1 can now see content of ALL previous files ??!! root too
> ??!!
>
> 7. and now! another user - user2 can also see all files, even if he
> has no keys !!
>
> HOW IS IT POSSIBLE ??
>
> I think that access to content of encrypted files should have ONLY
> the one who has key of proper password in his keyring - and NOBODY
> ELSE.
>
> But this is by eCryptfs not so. Once anybody adds passwdX to his
> keyring, then anybody else !!! can read files encrypted with this
> password. Even if this user deletes this key from his keyring !!!
>
> I can not believe my eyes ?!
>
> Please HELP.

Hi there,

It's critical that you understand the kernel keyring and how it works. Most importantly, you need to understand when and how to clear keys from your keyring. You must have the keys in your keyring when it's mounted. And you should clear those keys on unmount.

If you add the mount option "ecryptfs_unlink_sigs", umount.ecryptfs will clear those keys out of the keyring when the filesystem is unmounted. If you're using Ubuntu Encrypted Home / Encrypted Private option, that will be done automatically for you in 11.04 (and an update to older versions of ecryptfs-utils is pending but should be available within the next few days).

As for access of the mounted filesystem by root or other users... The stated goal of eCryptfs is to protect your data "at rest". This is mainly about protecting your data in the event of someone physically stealing your device, and protecting your data when you backup the encrypted files to a remote system.

eCryptfs has never meant (nor claimed) to protect you from a malicious or snooping root user. In other words, eCryptfs does not provide MAC (Mandatory Access Controls). Instead, eCryptfs expects that DAC (Discretionary Access Controls) protect your data while it's mounted.

That said, we would *welcome* patches from an enterprising user who wants to provide SELinux and/or AppArmor extensions for eCryptfs that could cryptographically enforce MAC. However, we've looked at this repeatedly in the past, and while not impossible, it is rather complicated.

All this said, there are tons of different file encryption solutions out there, each one serving a different user's needs. I espouse eCryptfs because I believe that it provides the right balance of security, usability, and performance for my needs.

I use eCryptfs to protect my $HOME directory (the aforementioned Ubuntu Encrypted Home Directory feature). Should someone steal my laptop (God forbid), my data is cryptographically protected and I do not need to worry about my most private information (which I necessarily store in $HOME) being stolen. I use 2-factor authentication (placing $HOME/.ecryptfs/wrapped-passphrase) on removable media, so a brute force attacker will have to crack a 128-bit password. I am the root user (and only user) of my laptop, so I'm not concerned about what root might do on my machine.

I rsync the cryptographic files to a shared backup server on the Internet where I'm not root. Again, because the wrapped-passphrase is stored separately, I have no cause for concern about the security of that data.

Hope that helps!

Cheers,
--
:-Dustin

Dustin Kirkland
Ubuntu Core Developer
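
Added example, not part of the original thread or of ecryptfs-utils: a shell function that audits the two points the reply raises, namely whether each eCryptfs mount carries "ecryptfs_unlink_sigs" and whether the mount point's permission bits (DAC) keep other local users out while it is mounted. The function name and output labels are hypothetical; it assumes Linux with GNU stat and a /proc/mounts-format input whose paths contain no spaces.

```shell
#!/bin/sh
# Added example: audit eCryptfs mounts listed in a /proc/mounts-format file.
# Usage: audit_ecryptfs_mounts [FILE]   (FILE defaults to /proc/mounts)
# Prints one line per eCryptfs mount: <mountpoint> <keys> <dac>
#   keys: unlink_sigs (umount.ecryptfs drops the keys) | keys_persist
#   dac:  owner_only | group_or_other_access | mode_unknown
audit_ecryptfs_mounts() {
    mounts_file="${1:-/proc/mounts}"
    # Fields per line: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype opts _rest; do
        [ "$fstype" = "ecryptfs" ] || continue

        # Wrap the option list in commas so only an exact option matches.
        case ",$opts," in
            *,ecryptfs_unlink_sigs,*) keys="unlink_sigs" ;;
            *)                        keys="keys_persist" ;;
        esac

        # While mounted, only ordinary permission bits guard the cleartext
        # view (root is never kept out). Flag group/other access bits.
        if mode=$(stat -c '%a' "$mnt" 2>/dev/null); then
            case "$mode" in
                0|*00) dac="owner_only" ;;
                *)     dac="group_or_other_access" ;;
            esac
        else
            dac="mode_unknown"
        fi
        printf '%s %s %s\n' "$mnt" "$keys" "$dac"
    done < "$mounts_file"
}
```

A mount reported as keys_persist leaves its key in the kernel keyring after unmount unless it is cleared by hand, for example with the "keyctl clear @u" command used in the question.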

