ecryptfs team mailing list archive

Thread
Date

[Bug 277894] Re: anyone with a livecd can acces data on ubuntu -- encrypt home directories

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Martin Pool <mbp@xxxxxxxxxxxxxx>
Date: Wed, 19 Nov 2008 05:27:12 -0000
Reply-to: Bug 277894 <277894@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Jessie,

One reason not to turn it on by default is that it runs some risk of the
user's data being entirely unrecoverable - leaving aside the possibility
of bugs in the software, users do forget passwords, etc.  There are
plenty of reports of people running into similar problems with NTFS
encryption.  Different people will have different preferences for
whether they'd rather run the risk of losing access to their files
themselves, or of someone else seeing them if they gain physical access
to the machine.

-- 
anyone with a livecd can acces data on ubuntu -- encrypt home directories
https://bugs.launchpad.net/bugs/277894
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.

Status in eCryptfs - Enterprise Cryptographic Filesystem: Fix Released
Status in “ecryptfs-utils” source package in Ubuntu: In Progress

Bug description:
all of my personal files i store in ubuntu can be accessed by anyone with a livecd without knowing my password. mac actually locks your personal data by default so if you put a livecd in and try to access them it will prompt you for the password. ubuntu does not have this. this renders all of my personal files insecure. this seems pretty serious to me.

try using a livecd to read data from your home folder on a mac and see what happens. this is what should happen in ubuntu.

once again, seeing as this applies to everyone on a default setup and how it allows anyone to see all of the files on the computer without a password, including extremely private and critical ones, and seeing as how you can eveen delete these files too, it seems pretty serious to me.