ecryptfs team mailing list archive
-
ecryptfs team
-
Mailing list archive
-
Message #01140
[Bug 400484] Re: unable to show the contents of my kernel keyring
This bug was fixed in the package ecryptfs-utils - 76-0ubuntu1
---------------
ecryptfs-utils (76-0ubuntu1) karmic; urgency=low
[ Dustin Kirkland ]
* src/utils/ecryptfs-setup-swap: switch from vol_id to blkid,
LP: #376486
* debian/ecryptfs-utils.postinst, src/utils/ecryptfs-setup-private:
don't echo mount passphrase if running in bootstrap mode; prune
potential leakages from install log, LP: #383650
* SECURITY UPDATE: mount passphrase recorded in install log (LP: #383650).
- debian/ecryptfs-utils.postinst: prune private information from
installer log
- src/utils/ecryptfs-setup-private: don't echo passphrase if running in
bootstrap mode
- CVE-2009-1296
* src/utils/ecryptfs-setup-private: make some of the lanuage more readable,
(thanks, anrxc)
* README, configure.ac, debian/control, debian/rules,
doc/sourceforge_webpage/README, src/libecryptfs-swig/libecryptfs.py,
src/libecryptfs-swig/libecryptfs_wrap.c,
src/libecryptfs/key_management.c, src/libecryptfs/libecryptfs.pc.in,
src/libecryptfs/main.c, src/pam_ecryptfs/Makefile.am,
src/utils/manager.c, src/utils/mount.ecryptfs.c: move build from gcrypt
to nss (this change has been pending for some time)
* src/utils/ecryptfs-dot-private: dropped, was too hacky
* ecryptfs-mount-private.1, ecryptfs-setup-private.1: align the
documentation and implementation of the wrapping-independent feature,
LP: #383746
* src/utils/ecryptfs-umount-private: use keyctl list @u, since keyctl show
stopped working, LP: #400484, #395082
* src/utils/mount.ecryptfs_private.c: fix counter file locking; solves
a longstanding bug about "random" umount caused by cronjobs, LP: #358573
[ Michal Hlavinka (edits by Dustin Kirkland) ]
* doc/manpage/ecryptfs-mount-private.1,
doc/manpage/ecryptfs-rewrite-file.1,
doc/manpage/ecryptfs-setup-private.1, doc/manpage/ecryptfs.7,
doc/manpage/mount.ecryptfs_private.1,
doc/manpage/umount.ecryptfs_private.1: documentation updated to note
possible ecryptfs group membership requirements; Fix ecrypfs.7 man
page and key_mod_openssl's error message; fix typo
* src/libecryptfs/decision_graph.c: put a finite limit (5 tries) on
interactive input; fix memory leaks when asking questions
* src/libecryptfs/module_mgr.c: Don't error out with EINVAL when
verbosity=0 and some options are missing.
* src/utils/umount.ecryptfs.c: no error for missing key when removing it
* src/libecryptfs-swig/libecryptfs.i: fix compile werror, cast char*
* src/utils/ecryptfs_add_passphrase.c: fix/test/use return codes;
return nonzero for --fnek when not supported but used
* src/include/ecryptfs.h, src/key_mod/ecryptfs_key_mod_openssl.c,
src/libecryptfs/module_mgr.c: refuse mounting with too small rsa
key (key_mod_openssl)
* src/utils/ecryptfs_insert_wrapped_passphrase_into_keyring.c: fix return
codes
* src/utils/ecryptfs-rewrite-file: polish output
* src/libecryptfs/key_management.c: inform about full keyring; insert fnek
sig into keyring if fnek support check fails; don't fail if key already
exists in keyring
* src/utils/ecryptfs-setup-private: if the ecryptfs group exists, restrict
ecryptfs-setup-private to members of this group
* src/pam_ecryptfs/pam_ecryptfs.c: dynamically load ecryptfs module by
checking ecryptfs version
* src/libecryptfs/decision_graph.c, src/utils/io.c,
src/utils/mount.ecryptfs.c: fix EOF handling, LP: #371587
* src/desktop/Makefile.am: make desktop files trusted, LP: #371426
[ Dustin Kirkland and Daniel Baumann ]
* debian/control, debian/copyright, debian/ecryptfs-utils.dirs,
debian/ecryptfs-utils.install, debian/ecryptfs-utils.postinst,
debian/rules, ecryptfs-utils.pam-auth-update: sync Ubuntu's
packaging with Debian; drop dpatch, drop libssl build dep, clean
up extraneous debhelper bits, match cflags; remaining diff is only
ecryptfs-utils.prerm
[ Arfrever Frehtes Taifersar Arahesis ]
* key_mod/ecryptfs_key_mod_gpg.c,
key_mod/ecryptfs_key_mod_pkcs11_helper.c,
libecryptfs/key_management.c, utils/ecryptfs_unwrap_passphrase.c:
Fix warnings, initialize a few variables, drop unused ones
[ David Hicks ]
* src/lib/key_management.c: fix stray semicolon that prevents .ecryptfsrc
files from working properly, LP: #372709
[ Michael Rooney ]
* src/python/ecryptfsapi.py: added python api
-- Dustin Kirkland <kirkland@xxxxxxxxxx> Fri, 17 Jul 2009 18:33:44
-0500
** Changed in: ecryptfs-utils (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2009-1296
--
unable to show the contents of my kernel keyring
https://bugs.launchpad.net/bugs/400484
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in “ecryptfs-utils” package in Ubuntu: Fix Released
Status in “keyutils” package in Ubuntu: New
Status in “linux” package in Ubuntu: Confirmed
Bug description:
Running the command:
$ keyctl show
I should see something like the following:
kirkland@t61p:~$ keyctl show
Session Keyring
-3 --alswrv 1000 -1 keyring: _uid_ses.1000
698440950 --alswrv 1000 -1 \_ keyring: _uid.1000
575594151 --alswrv 1000 0 \_ user: 67354f2e3a6c1216
940463712 --alswrv 1000 0 \_ user: 1cb12fd405033223
And this is true, if I run the Jaunty 2.6.28 kernel on Karmic.
However, this is completely broken with the 2.6.31 Karmic kernel.
kirkland@x200:~$ keyctl show
Session Keyring
-3 --alswrv 1000 1000 keyring: _ses
Major regression. Hoses ecryptfs, which relies on keyutils.
:-Dustin
ProblemType: Bug
Architecture: amd64
Date: Thu Jul 16 21:32:48 2009
DistroRelease: Ubuntu 9.10
MachineType: LENOVO 7454CTO
Package: linux-image-2.6.31-3-generic 2.6.31-3.19
ProcCmdLine: root=UUID=d45ce184-de1d-48ac-a143-44ab4432a207 ro quiet splash
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-3.19-generic
RelatedPackageVersions: linux-backports-modules-2.6.31-3-generic N/A
SourcePackage: linux
Uname: Linux 2.6.31-3-generic x86_64
dmi.bios.date: 04/22/2009
dmi.bios.vendor: LENOVO
dmi.bios.version: 6DET44WW (2.08 )
dmi.board.name: 7454CTO
dmi.board.vendor: LENOVO
dmi.board.version: Not Available
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Not Available
dmi.modalias: dmi:bvnLENOVO:bvr6DET44WW(2.08):bd04/22/2009:svnLENOVO:pn7454CTO:pvrThinkPadX200:rvnLENOVO:rn7454CTO:rvrNotAvailable:cvnLENOVO:ct10:cvrNotAvailable:
dmi.product.name: 7454CTO
dmi.product.version: ThinkPad X200
dmi.sys.vendor: LENOVO