ecryptfs team mailing list archive

Thread
Date

[Bug 287906] Re: ecryptfs-setup-private should validate that the login password is correct

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Dustin Kirkland <dustin.kirkland@xxxxxxxxx>
Date: Thu, 23 Oct 2008 03:22:41 -0000
Reply-to: Bug 287906 <287906@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The patch to solve this looks something like this, for these two
utilities.

The rest of the ecryptfs-* utilities should be fixed as well, in one
fail swoop.

:-Dustin

** Attachment added: "ecryptfs-utils.287906.patch"
   http://launchpadlibrarian.net/18811103/ecryptfs-utils.287906.patch

-- 
ecryptfs-setup-private should validate that the login password is correct
https://bugs.launchpad.net/bugs/287906
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: In Progress

Bug description:
Binary package hint: ecryptfs-utils

ecryptfs-setup-private should validate that the login password is correct.

Bug #259631 sort of exposed this bug.  Somewhere buried in there, we have a user who enters the wrong login password.  If they enter the same wrong password twice, ecryptfs-setup-private proceeds to use it.

This can be fixed with unix_chkpwd.

:-Dustin

References

[Bug 287906] [NEW] ecryptfs-setup-private should validate that the login password is correct
From: Dustin Kirkland, 2008-10-23