ecryptfs team mailing list archive

Thread
Date

[Bug 370627] Re: Inadvertent opening of encrypted dir

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: markb <mark.blakeney@xxxxxxxxxxxxxxxxxx>
Date: Sat, 23 May 2009 05:11:38 -0000
Reply-to: Bug 370627 <370627@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Further to my comment above, I updated my jaunty laptop kernel to ubuntu
2.6.30-020630rc6-generic and the symptoms are different. From the point
I execute sudo, my ~/Private becomes openly available for anybody to see
without entering a password. They just need to click on the desktop link
at any later time, even after the sudo timeout has expired. Also, from
that point on, executing ecryptfs-umount-private manually returns no
response or error, but ~/Private *never* umounts (no matter how many
times I run it). Presumably ecryptfs-umount-private is getting an error
but not reporting it to the user (nor any log I can find). This lack of
error message could be a separate bug?

I'm not sure if the kernel upgrades are responsible here but it is a
great concern that ecryptfs fails so dangerously. It seems ecryptfs-
utils 74-0ubuntu1~ppa1 did implement some kind of fix as I found above
on my main pc, but must be a *very fragile* fix which can fail wrong-
side, e.g. merely by me upgrading my ubuntu kernel package.

This bug happens 100% repeatably on my laptop and I am willing to
perform specific tests/diagnosis if somebody is interested in
investigating this serious bug. This ubuntu ecryptfs stuff has good
potential use but is nowhere near ready for prime-time with these kind
of bugs hanging around.

-- 
Inadvertent opening of encrypted dir
https://bugs.launchpad.net/bugs/370627
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.

Status in eCryptfs - Enterprise Cryptographic Filesystem: In Progress

Bug description:
I've found what I think is quite a significant bug in ecryptfs. I am a user who has auto-login enabled so it means that ecryptfs correctly (as designed) does not automatically mount ~/.Private/. I've discovered that any time you use "sudo" that your password get installed in the kernel keyring and your ~/.Private dir becomes automatically available to be mounted merely by (anybody) clicking on the standard "Access your Private data" link. No password/passphrase is then required to be explicitly entered to open your private dir. The same problem applies even if you don't use auto-login - you may think you have closed off private access with ecryptfs-umount-private but a simple sudo somewhere else makes your private directory available again without entering a password.

It is un-reasonable and dangerous that a typical naive user should have to be aware that he has exposed his private dir just because he did an sudo somewhere completely unrelated. There should be no correlation between sudo and this ecryptfs functionality.

I'm using ecryptfs-utils version 73-0ubuntu6 on jaunty.

References

[Bug 370627] [NEW] Inadvertent opening of encrypted dir
From: markb, 2009-05-02