Package: ecryptfs-utils
Version: 99-1
Severity: grave
Tags: security
Justification: user security hole

Hi!

The bug is probably the same as reported on OpenSUSE-bugs:
http://lists.opensuse.org/archive/opensuse-bugs/2014-02/msg02515.html

User A is a sudo user.
User B is a normal user.

A is logged in. B wants to use the PC in a secure and confidential manner, and A lends the PC to B.
B logs in, does stuff recorded in the encrypted home, logs out, and gives back the PC to A, thinking all his activity in the home dir is encrypted and safe.

But the home directory of the normal system user B, who has just logged out, is still readable by the sudo user A, who can read everything, including still-valid session cookies etc.

Hence ecryptfs is a bit useless for shared computers.

Thank you.
jer...@jerome.cc

-- System Information:
Debian Release: 7.6
  APT prefers stable
  APT policy: (900, 'stable'), (500, 'stable-updates')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ecryptfs-utils depends on:
ii  gettext-base    0.18.1.1-9
ii  keyutils        1.5.5-3
ii  libc6           2.13-38+deb7u3
ii  libecryptfs0    99-1
ii  libgpg-error0   1.10-3.1
ii  libgpgme11      1.2.0-1.4
ii  libkeyutils1    1.5.5-3
ii  libnss3-1d      2:3.14.5-1
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1
ii  libtspi1        0.3.9-3+wheezy1

ecryptfs-utils recommends no packages.

Versions of packages ecryptfs-utils suggests:
ii  cryptsetup  2:1.4.3-4

-- no debconf information
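
A check for the condition reported above, as an added example that is not part of the original report: it lists eCryptfs mounts whose owning user has no login session. It assumes the cleartext home stays readable because its eCryptfs mount is still present after logout, and that the mount point lies under /home/<user>; the function names and the sample mount lines are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): flag eCryptfs mounts that
# outlive their owner's login session.
# Assumption: the encrypted home is mounted at or below /home/<user>.

# Constructed sample in /proc/mounts format:
#   device mountpoint fstype options dump pass
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/home/usera/.Private /home/usera ecryptfs rw,nosuid,nodev,relatime 0 0
/home/userb/.Private /home/userb ecryptfs rw,nosuid,nodev,relatime 0 0
EOF
}

# stale_ecryptfs_mounts MOUNTS_FILE "user1 user2 ..."
# Prints "<user> <mountpoint>" for every ecryptfs mount whose owner
# is not in the list of users that currently have a session.
stale_ecryptfs_mounts() {
    mounts_file=$1
    active_users=$2
    awk -v active="$active_users" '
        BEGIN {
            n = split(active, a, " ")
            for (i = 1; i <= n; i++) logged_in[a[i]] = 1
        }
        $3 == "ecryptfs" {
            # "/home/userb/..." splits into "", "home", "userb", ...
            if (split($2, p, "/") >= 3 && p[2] == "home" && !(p[3] in logged_in))
                print p[3] " " $2
        }
    ' "$mounts_file"
}

# On a live system: compare the kernel mount table with who(1).
if [ "${1:-}" = "--live" ]; then
    users=$(who | awk '{print $1}' | sort -u | tr '\n' ' ')
    stale_ecryptfs_mounts /proc/mounts "$users"
fi
```

Any line printed with `--live` names a user whose decrypted home is still reachable by root or sudo users although that user has no session in who(1).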