This bug was fixed in the package ecryptfs-utils - 99-0ubuntu1
---------------
ecryptfs-utils (99-0ubuntu1) quantal; urgency=low
[ Dustin Kirkland ]
* debian/ecryptfs-utils.postinst: LP: #936093
- ensure desktop file is executable
* precise
[ Wesley Wiedenmeier ]
* src/utils/mount.ecryptfs.c: LP: #329264
- remove old hack, that worked around a temporary kernel regression;
ensure that all mount memory is mlocked
[ Sebastian Krahmer ]
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
- drop group privileges in the same places that user privileges are
dropped
- check return status of setresuid() calls and return if they fail
- drop privileges before checking for the existence of
~/.ecryptfs/auto-mount to prevent possible file existence leakage
by a symlink to a path that typically would not be searchable by
the user
- drop privileges before reading salt from the rc file to prevent the
leakage of root's salt and, more importantly, using the incorrect salt
- discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
* src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
- after dropping privileges, clear the environment before executing the
private eCryptfs mount helper
- discovered by Sebastian Krahmer
* src/utils/mount.ecryptfs_private.c: LP: #1020904
- do not allow private eCryptfs mount aliases to contain ".." characters
as a preventative measure against a crafted file path being used as an
alias
- force the MS_NOSUID mount flag to protect against user controlled lower
filesystems, such as an auto mounted USB drive, that may contain a
setuid-root binary
+ CVE-2012-3409
- force the MS_NODEV mount flag
- after dropping privileges, clear the environment before executing umount
- discovered by Sebastian Krahmer
[ Tyler Hicks ]
* src/libecryptfs/key_management.c: LP: #732614
- zero statically declared buffers to prevent the leakage of stack
contents in the case of a short file read
- discovered by Vasiliy Kulikov
* src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
- fix compiler warnings
-- Dustin Kirkland <[email protected]> Fri, 13 Jul 2012 09:52:36 -0500
** Changed in: ecryptfs-utils (Ubuntu)
Status: Triaged => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-3409
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/732614
Title:
pam_ecryptfs doesn't drop gid when using user's files
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/732614/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
