[Ecryptfs] [Bug 370627] Re: Inadvertent opening of encrypted dir

Sun, 17 May 2009 17:15:22 -0700 

Reopening this because it is reoccurring on my jaunty laptop with
74-0ubuntu1~ppa1. May not be related but the only thing different there
is that i am running ubuntu kernel 2.6.30-020630rc5-generic (to overcome
intel video problems).

I have noticed that, after mounting, running ecryptfs-umount-private
returns a message:

m...@lt:~ ecryptfs-umount-private 
keyctl_unlink: Invalid argument

but ~/Private does unmount. Repeating that command again produces no
message 2nd and subsequent times. Then clicking on the desktop link
brings up the password launcher but the password is not asked for and
~/Private mounts openly again.

** Changed in: ecryptfs
       Status: Fix Released => In Progress

-- 
Inadvertent opening of encrypted dir
https://bugs.launchpad.net/bugs/370627
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.

Status in eCryptfs - Enterprise Cryptographic Filesystem: In Progress

Bug description:
I've found what I think is quite a significant bug in ecryptfs. I am a user who 
has auto-login enabled so it means that ecryptfs correctly (as designed) does 
not automatically mount ~/.Private/. I've discovered that any time you use 
"sudo" that your password get installed in the kernel keyring and your 
~/.Private dir becomes automatically available to be mounted merely by 
(anybody) clicking on the standard "Access your Private data" link. No 
password/passphrase is then required to be explicitly entered to open your 
private dir. The same problem applies even if you don't use auto-login - you 
may think you have closed off private access with ecryptfs-umount-private but a 
simple sudo somewhere else makes your private directory available again without 
entering a password.

It is un-reasonable and dangerous that a typical naive user should have to be 
aware that he has exposed his private dir just because he did an sudo somewhere 
completely unrelated. There should be no correlation between sudo and this 
ecryptfs functionality.

I'm using ecryptfs-utils version 73-0ubuntu6 on jaunty.

_______________________________________________
Mailing list: https://launchpad.net/~ecryptfs
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~ecryptfs
More help   : https://help.launchpad.net/ListHelp

Reply via email to