ecryptfs team mailing list archive
Message #00965
[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)
Couple things to update here ...

With encrypted home directories now available in Jaunty, it's possible
to keep all data, meta data, and cached data in your home directory
encrypted.

For Karmic, I hope that /tmp becomes a tmpfs, entirely in RAM. Couple
that with encrypted swap, and it should be possible to prevent tmp data
from ever leaking to disk.

/var/tmp is a little bit trickier. For /var/tmp, there are relatively
few applications that write data there. I'd like to take those on a
case-by-case basis, and try to ensure that the data that gets written to
/var/tmp is not leaked sensitive data.

Otherwise, these applications (thumbnailers and such) should be running
as your non-privileged $USER and shouldn't really have write access to
locations outside of $HOME, /tmp, /var/tmp, right? In which case, I
think we should be able to cover those 3 cases...

:-Dustin
** Changed in: ecryptfs-utils (Ubuntu)
Status: Confirmed => Triaged
--
Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)
https://bugs.launchpad.net/bugs/277655
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in “ecryptfs-utils” source package in Ubuntu: Triaged
Bug description:
Intrepid introduced the new Private directory in the user's home directory. To prevent information leakage, thumbnailers etc. should be forbidden from entering the directory (or should store their thumbnails inside the private dir). Has this been considered/solved?
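
The three locations named in the message above ($HOME, /tmp, /var/tmp) can be audited from the mount table and swap list. The following is an added example, not part of the original message or of ecryptfs-utils; the sample mount and swap data are constructed, and treating every device-mapper swap device as encrypted is an assumption (such a node can also be plain LVM).

```python
# Added example: where would a thumbnailer's writes land? Sample data is constructed.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/home/alice/.Private /home/alice ecryptfs rw,ecryptfs_cipher=aes 0 0
"""
SAMPLE_SWAPS = """\
Filename Type Size Used Priority
/dev/mapper/cryptswap1 partition 2097148 0 -1
"""

def parse_mounts(text):
    """Return (mountpoint, fstype) pairs in mount order from /proc/mounts-style text."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            out.append((fields[1], fields[2]))
    return out

def fstype_for(path, mounts):
    """Filesystem type of the longest mount point containing path (later mounts win ties)."""
    best = ("", None)
    for mp, fstype in mounts:
        prefix = mp.rstrip("/") + "/"
        if (path == mp or path.startswith(prefix)) and len(mp) >= len(best[0]):
            best = (mp, fstype)
    return best[1]

def swap_encrypted(swaps_text):
    """Heuristic (assumption): swap counts as encrypted if every device is a device-mapper node."""
    devices = [l.split()[0] for l in swaps_text.splitlines()[1:] if l.split()]
    return all(d.startswith(("/dev/mapper/", "/dev/dm-")) for d in devices)

def audit(paths, mounts_text, swaps_text):
    """Map each path to 'encrypted', 'ram', 'ram-may-swap-to-disk' or 'plain-disk'."""
    mounts = parse_mounts(mounts_text)
    enc_swap = swap_encrypted(swaps_text)
    verdicts = {}
    for p in paths:
        fs = fstype_for(p, mounts)
        if fs == "ecryptfs":
            verdicts[p] = "encrypted"
        elif fs == "tmpfs":
            # tmpfs pages can be swapped out, so RAM-only holds only with encrypted swap
            verdicts[p] = "ram" if enc_swap else "ram-may-swap-to-disk"
        else:
            verdicts[p] = "plain-disk"
    return verdicts
```

On a live system the two inputs would be the contents of /proc/mounts and /proc/swaps; any path reported as plain-disk is a location to review case by case.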