Public bug reported:
Binary package hint: ecryptfs-utils
ecryptfs-setup-private should check that Private and .Private are empty
before setting up.
If data already exists in ~/Private, and pam_ecryptfs regularly performs
a mount on top of it, then the that data would be hidden from view, and
not encrypted (as the user might expect).
If data already exists in ~/.Private, then that's likely encrypted data,
which will probably not be readable once we generate a new mounting
passphrase, etc.
Thus, we need to stop ecryptfs-setup-private and tell the user to clear
out those directories before proceeding.
*** Note, it would be very nice to provide a utility to "encrypt" the
existing data in place, in an existing Private directory. Would could
uses something like "rsync -a" to copy the data to a tempdir, perform
the ecryptfs mount, and then sync the data back into place. However,
all sorts of race conditions could occur, with other processes
potentially reading/writing data during the "encryption migration"--a
much harder problem to solve than it initially seems.
:-Dustin
** Affects: ecryptfs-utils (Ubuntu)
Importance: Undecided
Status: New
--
ecryptfs-setup-private should check that Private and .Private are empty
https://bugs.launchpad.net/bugs/260346
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
