ecryptfs team mailing list archive

Thread
Date

[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Dustin Kirkland <dustin.kirkland@xxxxxxxxx>
Date: Sat, 21 Feb 2009 01:25:03 -0000
Reply-to: Bug 277655 <277655@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Okay, just an FYI update, since I'm looking at this bug again...

I'm going to leave this open and attached to ecryptfs-utils.

However, this is a pervasive problem in general.  It would take a
complete package audit to find all the places where data might be leaked
to /var/* or /tmp/*, or elsewhere.

Perhaps mandatory access control (SELinux/AppArmor) and exhaustive file
labeling might help.

Also, encrypted home directories in jaunty should also help, in terms of
user data that gets copied to ~/.* directories.

In the meantime, LVM and total disk encryption is likely the best option
for users with a deep concern about this issue.

Good luck,
:-Dustin

-- 
Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)
https://bugs.launchpad.net/bugs/277655
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.

Status in “ecryptfs-utils” source package in Ubuntu: Confirmed

Bug description:
Intrepid introduced the new Private directory in the user's home directory.  To prevent information leakage, thumbnailers etc should be forbidden from entering the directory (or should store their thumbnails inside the private dir).  Has this been considered/solved?