Updated debdiff.

Thoroughly tested:
 * ecryptfs-add-passphrase:
   - tested with no and bad parameters, still shows usage statement
   - regression tested with command line parameters, and using stdin
   - verified that passphrase makes it into the keyring
     . check with "keyctl show"
     . clear with "keyctl clear @u"
   - tested adding arbitrary trailing new line characters and no newline character
     . verifying fgets() is working as expected
 * ecryptfs-wrap-passphrase:
   - tested with no and bad parameters, still shows usage statement
   - regression tested with command line parameters, and using stdin
   - verify that the passphrase gets encrypted
     . cat encrypted file
   - verify that the passphrase can be decrypted with the encryption passphrase
     . ecryptfs-unwrap-passphrase
 * ecryptfs-setup-private
   - tested with good and bad passphrases
   - tested on the command line, and interactively
   - unwrapped the passphrases written by ecryptfs-setup-private
   - mounted/unmounted
   - logged out, mounted/unmounted
   - rebooted, mounted/unmounted

:-Dustin

** Attachment added: "ecryptfs-utils.debdiff"
   http://launchpadlibrarian.net/18823465/ecryptfs-utils.debdiff

--
ecryptfs-setup-private potentially exposes passwords in the process table
https://bugs.launchpad.net/bugs/287908

Status in “ecryptfs-utils” source package in Ubuntu: In Progress

Bug description:
Binary package hint: ecryptfs-utils

ecryptfs-setup-private potentially exposes passwords in the process table.

There are two calls in ecryptfs-setup-private to helper utilities:
 * ecryptfs-wrap-passphrase
 * ecryptfs-add-passphrase
that use passwords on the command line.

There is a small yet real possibility that these passwords could be exposed on the process table momentarily.

To fix this problem, we need to:
 a) patch both ecryptfs-wrap-passphrase and ecryptfs-add-passphrase to take passphrases on stdin
 b) modify the callers to use a dash/bash builtin function (such as echo or printf) to send these passphrases to those utilities on standard in

Thanks to Jamie Strandboge for the bug report.

:-Dustin
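The difference between the two calling patterns in the bug description, as an added example that is not part of the original message or of ecryptfs-utils. It assumes a Linux /proc; the `helper` child started with `sh -c` is a hypothetical stand-in for the ecryptfs helper utilities, and `SECRET` is a constructed sample value.

```sh
#!/bin/sh
# Added illustration. SECRET is a constructed sample, not a real passphrase.
SECRET='constructed-sample-passphrase'

# Return 0 if SECRET appears in the argv of process $1 (checked twice, 1s apart,
# because /proc/<pid>/cmdline still shows the parent's argv until the child execs).
# Matching uses the shell's own `case`, so the check spawns no process that
# carries the secret as an argument.
seen_in_argv() {
    for _try in 1 2; do
        args=$(tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline") || args=
        case "$args" in *"$SECRET"*) return 0 ;; esac
        sleep 1
    done
    return 1
}

# Pattern from the bug report: passphrase handed over as a command-line argument.
# The hypothetical helper holds it in argv for as long as it runs.
leak_via_argv() {
    sh -c 'sleep 2; :' helper "$SECRET" &
    pid=$!
    rc=0
    seen_in_argv "$pid" || rc=$?
    wait "$pid" 2>/dev/null || :
    return "$rc"
}

# Fix from the bug report: the helper reads the passphrase on stdin and the
# caller feeds it with the printf builtin. A builtin in a pipeline runs in a
# forked copy of the shell and never execs, so no argv ever holds the secret.
leak_via_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'read -r p; sleep 2; :' helper &
    pid=$!    # PID of the last pipeline member, i.e. the helper
    rc=0
    seen_in_argv "$pid" || rc=$?
    wait "$pid" 2>/dev/null || :
    return "$rc"
}

# Usage: leak_via_argv  returns 0 (secret readable from /proc/<pid>/cmdline)
#        leak_via_stdin returns 1 (secret not present in the helper's argv)
```

Replacing the builtin with an external `/bin/echo` or `/usr/bin/printf` would reintroduce the exposure, since that program's own argv would carry the passphrase.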

