Per https://wiki.ubuntu.com/StableReleaseUpdates:

 1) This bug will impact any user wishing to set up an encrypted
~/Private directory having a "%" or a "-" in their login password or
their mount passphrase.

 2) This was fixed in Intrepid's ecryptfs-utils_53-1ubuntu12, which is
in Intrepid -proposed.

 3) The fix involves 3 trivial changes, basically changing:
     printf "$foo" ------> printf "%s" "$foo"
  The upstream git commit is:
   * http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=2c422e6d2549f90258cddeebf105b066b598bdbb

 4) TEST CASE:
    Using ecryptfs-utils_53-1ubuntu11 (or the Intrepid alternate/server) 
install media, set a user's password to something like "foo%bar".  Then run 
"ecryptfs-setup-private".  You will be prompted for your system password.  If 
you correctly enter "foo%bar", you will be told that your entered login 
passphrase is incorrect.
    Using ecryptfs-utils_53-1ubuntu12, the above test case should succeed.

 5) I believe the regression potential to be very low.  I'm attaching to
this bug a shell script I used to test, by generating 10,000 random
passwords including all sorts of alphanumeric and punctuation
characters, and testing the output of a printf "%s" "$foo".  You can use
this "fuzzing" test to verify the change.  I ran this numerous times.


:-Dustin



** Attachment added: "foo.sh"
   http://launchpadlibrarian.net/19080162/foo.sh
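
The quoting change and the fuzz check described in the message above, as an added shell example. It is not the attached foo.sh or code from ecryptfs-utils; the function names emit_unsafe, emit_safe and fuzz are hypothetical, and the random passwords are generated locally from /dev/urandom.

```shell
#!/bin/sh
# Added illustration; emit_unsafe, emit_safe and fuzz are hypothetical names.

# Pre-fix pattern: the secret is used as the printf FORMAT string, so "%"
# starts a conversion, "\" starts an escape and a leading "-" can be taken
# as an option.
emit_unsafe() {
    # shellcheck disable=SC2059  # deliberate: this is the pattern being fixed
    printf "$1" 2>/dev/null || true
}

# Fixed pattern: constant format string, secret passed only as data.
emit_safe() {
    printf '%s' "$1"
}

# fuzz EMITTER COUNT: push COUNT random 16-character passwords (printable
# ASCII, punctuation included) through EMITTER and print how many came back
# changed.
fuzz() {
    head -c "$(( $2 * 128 ))" /dev/urandom | LC_ALL=C tr -dc '[:graph:]' |
    fold -w 16 | {
        tested=0 bad=0
        while IFS= read -r pw || [ -n "$pw" ]; do
            # Skip a short final chunk; keep draining input once COUNT is reached.
            if [ "$tested" -ge "$2" ] || [ "${#pw}" -ne 16 ]; then continue; fi
            tested=$((tested + 1))
            [ "$("$1" "$pw")" = "$pw" ] || bad=$((bad + 1))
        done
        echo "$bad"
    }
}

# The test case from the report: "foo%bar" is altered by the old pattern
# ("%b" is a valid conversion and is consumed) and preserved by the new one.
printf 'unsafe: [%s]  safe: [%s]\n' \
    "$(emit_unsafe 'foo%bar')" "$(emit_safe 'foo%bar')"
printf 'mismatches in 500 random passwords: unsafe=%s safe=%s\n' \
    "$(fuzz emit_unsafe 500)" "$(fuzz emit_safe 500)"
```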

-- 
ecryptfs-setup-private fails if passphrase contains character "%"
https://bugs.launchpad.net/bugs/290445
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
