Stable Release Update Request

Per:
 * https://wiki.ubuntu.com/StableReleaseUpdates

 1) This bug affects any users using Intrepid's easy-to-configure
"Automatic Login" option, in conjunction with Encrypted Private
Directories.  Encrypted Private Directories absolutely *require* that
you enter your password at some point, in order to unwrap the mount
passphrase and mount the encrypted Private directory.  This might seem
obvious to the technical among us, but it's not obvious to some of our
users.

 2) The proposed fix, which has been committed upstream, involves the 
following, in order to provide an interactive mechanism for prompting for a 
password when attempting to access the encrypted private directory:
  * doc/ecryptfs-mount-private.txt: new file, to be placed as
    "README.txt" in a user's unmounted encrypted ~/Private directory
  * src/desktop/ecryptfs-mount-private.desktop: new desktop file,
    to be installed in each user's unmounted Private dir, providing a
    clickable way to mount (tested in Gnome and KDE)
  * src/utils/ecryptfs-setup-private: link the readme and desktop file
    into the unmounted Private dir
  * src/utils/ecryptfs-mount-private: completely overhauled to
    interactively prompt for a user's login password, unwrap the mount
    passphrase and insert into the keyring, and perform the mount
  * src/utils/ecryptfs-umount-private: completely overhauled to drop the
    deprecated (and broken) counter mechanism, and very simply call
    umount.ecryptfs_private
  * src/utils/mount.ecryptfs_private.c: provide a helpful "hint" when a
    key isn't found, that perhaps the user wants to try the interactive
    ecryptfs-mount-private utility
  * See: 
http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=923a2e4bc05e8a6bb4a3ca836f9080b13bd84b3c

 3) Patch is attached.

 4) TEST CASE:
  a) install Ubuntu or Kubuntu, and configure the system for "Automatic Login"
  b) sudo apt-get install ecryptfs-utils
  c) ecryptfs-setup-private
  d) mount.ecryptfs_private
  e) copy some data into ~/Private
  f) reboot, allow the machine to automatically login
  g) try to access ~/Private; you will only see a symlink saying that the
directory has been unmounted

 5) The only regression potential I see is the overloading of the
ecryptfs-mount-private and ecryptfs-umount-private utilities.  These
were two small, wrapper scripts which have been included in the package,
but broken and deprecated.  Their functionality was completely
supplanted by the mount.ecryptfs_private setuid binary and the built-in
counter functionality, and the hooks in pam_ecryptfs to call
mount.ecryptfs_private/umount.ecryptfs_private.  Before the pam module
handled this, these utilities were added to .bash_profile.  That never
made it into Ubuntu, and these utilities have not been used.  As
upstream, the intention is for these utilities to become the interactive
wrapper for the compact, hardened /sbin/mount.ecryptfs_private.

:-Dustin

** Attachment added: "ecryptfs-utils.259631.debdiff"
   http://launchpadlibrarian.net/19342744/ecryptfs-utils.259631.debdiff

-- 
Cannot open Private directory after a reboot when "Automatic Login" enabled
https://bugs.launchpad.net/bugs/259631
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs