The following effect may be a consequence of the same bug. Distribution: Ubuntu 10.04
1) Create user1 ( with administrative privileges ) 2) Create user2 ( without administrative privileges ) 3) Logged as user2 set up a private directory, logout & login, create some files in ~/Private, logout. 4) Logged as user1 change user2 password. 5) Logged as user2 (using the new password defined by user1) you can access the /home/user2/Private directory and its contents. The effect persists until you reboot. Conclusion: A privileged user can access private data from others (who recently have logged in and out ) by means of changing their password. -- umount of ecryptfs does not automatically clear the keyring (can be mounted by root later) https://bugs.launchpad.net/bugs/313812 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
