ecryptfs team mailing list archive

Thread
Date

[Bug 277894] [NEW] anyone with a livecd can acces data on ubuntu

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <277894@xxxxxxxxxxxxxxxxxx>
Date: Wed, 15 Oct 2008 15:55:00 -0000
Reply-to: Bug 277894 <277894@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug:

all of my personal files i store in ubuntu can be accessed by anyone
with a livecd without knowing my password. mac actually locks your
personal data by default so if you put a livecd in and try to access
them it will prompt you for the password. ubuntu does not have this.
this renders all of my personal files insecure. this seems pretty
serious to me.

try using a livecd to read data from your home folder on a mac and see
what happens. this is what should happen in ubuntu.

once again, seeing as this applies to everyone on a default setup and
how it allows anyone to see all of the files on the computer without a
password, including extremely private and critical ones, and seeing as
how you can eveen delete these files too, it seems pretty serious to me.

** Affects: ecryptfs-utils (Ubuntu)
     Importance: Wishlist
         Status: New

-- 
anyone with a livecd can acces data on ubuntu
https://bugs.launchpad.net/bugs/277894
You received this bug notification because you are a member of eCryptfs, which is subscribed to ecryptfs-utils in ubuntu.