** Description changed:

If you have autologin enabled or you're just a fast typist, ureadahead has the potential to cache pieces and whole filenames of files in an eCryptfs filesystem. This is a potential security vulnerability as it could theoretically provide a cryptanalyst vital pieces of plaintext data to break the filesystem encryption. It's a big "if" but it's possible.

- I have attached a patch for /etc/init/ureadahead-other.conf to prevent
- the caching of eCryptfs filesystems.
+ My previous patch is incorrect. Turns out my ureadahead broke somehow,
+ so I thought it was working when it really wasn't.
+
+ The actual problem lies not in /etc/init/ureadahead-other.conf, but in
+ /etc/init/ureadahead.conf. I ended up adding a `post-stop script`
+ section to `wipe` the file after it has been written. But, ideally, the
+ file should never be written at all.
+
+ From what I gathered, ureadahead determines what it should cache by
+ actual system devices, rather than mount points as I had suspected. The
+ problem with this is that eCryptfs mounts
+ /home/.ecryptfs/[user]/.ecryptfs, which exists on the same device as /.
+ So, ureadahead assumes that it should cache all these files on the root
+ device (which obviously include /home/.ecryptfs/[user]/.ecryptfs) when
+ invoked as `ureadahead --daemon` as in the /etc/init/ureadahead.conf
+ file.
+
+ The ideal fix to this bug would be either a config file or a parameter
+ for ureadahead that allows excluding certain paths within a device's
+ filesystem. I would assume this would be possible as ureadahead writes
+ the whole filenames into its pack files.
+
+ I have retracted my patch.
** Patch removed: "ureadahead-other.diff"
   https://bugs.launchpad.net/ubuntu/+source/ureadahead/+bug/936822/+attachment/2761312/+files/ureadahead-other.diff

--
https://bugs.launchpad.net/bugs/936822

Title:
  ureadahead Caches eCryptfs Filesystem Contents
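An added check, not from the bug report or the ureadahead project, for the exposure the reporter describes: it scans a text listing of the paths recorded in a ureadahead pack and flags any under the eCryptfs lower directory. It assumes the listing is plain text with one absolute path per line (for example the path lines of `ureadahead --dump`, or `strings` run over the pack file); the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report: check whether a ureadahead pack
# listing exposes filenames from an eCryptfs lower directory.
# Assumption: the listing is plain text, one absolute path per line, e.g. the
# path lines of `ureadahead --dump /var/lib/ureadahead/pack`.

# eCryptfs keeps encrypted files and per-user config under this lower
# directory, which lives on the same device as / and is swept up by ureadahead.
ECRYPTFS_LOWER_PREFIX='/home/.ecryptfs/'

# Print every path in the listing ($1) that lies under the eCryptfs lower dir.
leaked_ecryptfs_paths() {
    while IFS= read -r path; do
        case "$path" in
            "$ECRYPTFS_LOWER_PREFIX"*) printf '%s\n' "$path" ;;
        esac
    done < "$1"
}

# Number of leaked paths in the listing ($1).
leaked_ecryptfs_count() {
    leaked_ecryptfs_paths "$1" | wc -l | tr -d ' '
}

# Exit status 0 when the listing ($1) contains no eCryptfs path, 1 otherwise.
pack_listing_is_clean() {
    [ "$(leaked_ecryptfs_count "$1")" -eq 0 ]
}

# Constructed sample listings (not real pack contents).
LEAKY_LISTING=$(mktemp)
cat > "$LEAKY_LISTING" <<'EOF'
/lib/x86_64-linux-gnu/libc.so.6
/usr/bin/gnome-session
/home/.ecryptfs/alice/.Private/ECRYPTFS_FNEK_ENCRYPTED.CONSTRUCTED_SAMPLE_NAME
/home/.ecryptfs/alice/.ecryptfs/wrapped-passphrase
/etc/fstab
EOF

CLEAN_LISTING=$(mktemp)
printf '%s\n' /lib/x86_64-linux-gnu/libc.so.6 /usr/bin/gnome-session > "$CLEAN_LISTING"

# Report, as an administrator would run it against a real dump.
if pack_listing_is_clean "$LEAKY_LISTING"; then
    echo "pack listing is clean"
else
    echo "pack listing exposes eCryptfs filenames:"
    leaked_ecryptfs_paths "$LEAKY_LISTING"
fi
```

A non-zero count means the pack file itself holds eCryptfs filenames on disk, which is what the reporter's `post-stop` wipe works around.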
