[Bug 313812] Re: umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)
More side effects working with encrypted homes:

1) The same side effect explained above between user1 and user2 happens if user2 is a privileged user and if user2 has his home directory encrypted.

2) If you have your home encrypted, accessing remotely with ssh is not possible if you demand using private & public keys (setting PasswordAuthentication = no in the file /etc/ssh/sshd_config), because the sshd daemon has to access the ~/.ssh/authorized_keys file in a directory which is not yet mounted.

IMHO, home directory encryption is still unreliable and it should be used with care. In its current state, it only protects after rebooting the machine (please tell me if this observation is wrong), and consequently only protects from a disk or machine physical theft.

--
umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)
https://bugs.launchpad.net/bugs/313812
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 313812] Re: umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)
The following effect may be a consequence of the same bug.

Distribution: Ubuntu 10.04

1) Create user1 (with administrative privileges).
2) Create user2 (without administrative privileges).
3) Logged in as user2, set up a private directory, logout & login, create some files in ~/Private, logout.
4) Logged in as user1, change user2's password.
5) Logged in as user2 (using the new password defined by user1), you can access the /home/user2/Private directory and its contents.

The effect persists until you reboot.

Conclusion: A privileged user can access private data from others (who have recently logged in and out) by means of changing their password.
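
An added check, not part of the original thread or of the eCryptfs tools: it flags eCryptfs key signatures that remain in a keyring when no active ecryptfs mount references them, which is the condition the bug title describes. It assumes the `keyctl list` and `/proc/mounts` text formats shown in the constructed samples, and treats any `user` key whose description is 16 hex digits as an eCryptfs signature (a heuristic).

```shell
#!/bin/sh
# Added example: report eCryptfs key signatures left in a keyring after umount.
# Both functions take text, so the check runs offline on captured output.

# Constructed sample in the format printed by `keyctl list @u`.
SAMPLE_KEYS='2 keys in keyring:
 88077446: --alswrv  1001  1001 user: 1111111111111111
 71234567: --alswrv  1001  1001 user: 2222222222222222'

# Constructed /proc/mounts samples: user2 logged in, then logged out.
SAMPLE_MOUNTS_LOGGED_IN='/dev/sda1 / ext4 rw,errors=remount-ro 0 0
/home/user2/.Private /home/user2/Private ecryptfs rw,ecryptfs_sig=1111111111111111,ecryptfs_fnek_sig=2222222222222222,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0'
SAMPLE_MOUNTS_LOGGED_OUT='/dev/sda1 / ext4 rw,errors=remount-ro 0 0'

# Signatures held in the keyring: "user" keys with a 16-hex-digit description.
keyring_sigs() {
    printf '%s\n' "$1" | sed -n 's/^.* user: \([0-9a-f]\{16\}\)$/\1/p'
}

# Signatures referenced by the options of active ecryptfs mounts.
mounted_sigs() {
    printf '%s\n' "$1" | awk '$3 == "ecryptfs" { print $4 }' | tr ',' '\n' |
        sed -n 's/^ecryptfs_\(fnek_\)\{0,1\}sig=\([0-9a-f]\{16\}\)$/\2/p'
}

# Print each keyring signature that no active mount uses (one per line).
# $1 = keyctl list output, $2 = mounts table text.
stale_ecryptfs_sigs() {
    active=$(mounted_sigs "$2")
    for sig in $(keyring_sigs "$1"); do
        case " $(echo $active) " in
            *" $sig "*) ;;            # still backing a mounted directory
            *) echo "$sig" ;;         # key outlived its mount
        esac
    done
}
```

On a live system, run it as the affected user with `stale_ecryptfs_sigs "$(keyctl list @u)" "$(cat /proc/mounts)"` after logout or umount; any output means the key material is still loaded.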