ecryptfs team mailing list archive

[Bug 508853] [NEW] ecryptfs: keyring is not cleared on logout

 

Public bug reported:

Binary package hint: ecryptfs-utils

On a fresh Ubuntu 9.10 install with ecryptfs-enabled home directory the
.Private directory is unmounted on logout, but the keys are not cleared
from the keyring. This enables a user with admin rights to "su -
<username>" into the account and access the files, while the user might
believe they are locked away.

Steps to reproduce:

1. set up ecryptfs home directory for user "foo"
2. log in as "foo" with password, files are unlocked, .Private is mounted
3. log out, .Private is unmounted
4. from a different admin account "admin": "sudo su - foo", give admin's password, password for foo is not asked

What happens:
.Private is mounted, the files are unlocked and accessible. 

What is expected:
admin should only see the encrypted files in .Private. This is what happens if foo called "ecryptfs-umount-private" prior to logging out.

** Affects: ecryptfs-utils (Ubuntu)
     Importance: Undecided
         Status: New

-- 
ecryptfs: keyring is not cleared on logout
https://bugs.launchpad.net/bugs/508853
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
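
A check for the condition described in this report, as an added example that is not part of the original bug report or of ecryptfs-utils: it scans a `keyctl show` style listing for keys left behind after logout. It assumes eCryptfs keys appear as "user" keys whose description is a 16-hex-digit signature; both listings and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or ecryptfs-utils).
# Assumption: eCryptfs keys show up in `keyctl show` output as "user"
# keys whose description is a 16-hex-digit signature.

# Print the signature of every such key found in the listing on stdin.
find_lingering_sigs() {
    awk 'NF >= 2 && $(NF-1) == "user:" && length($NF) == 16 &&
         $NF ~ /^[0-9a-f]+$/ { print $NF }'
}

# Return 1 and name the keys if any remain, 0 if the listing is clean.
check_keyring() {
    sigs=$(find_lingering_sigs)
    [ -z "$sigs" ] && return 0
    printf 'key still in keyring: %s\n' $sigs
    return 1
}

# Constructed listing: the state described in the report (after logout).
sample_after_logout() {
cat <<'EOF'
Keyring
 111111111 --alswrv   1000 65534  keyring: _uid.1000
 222222222 --alswrv   1000  1000   \_ user: 0123456789abcdef
 333333333 --alswrv   1000  1000   \_ user: fedcba9876543210
EOF
}

# Constructed listing: the expected state, with the keys cleared.
sample_keys_cleared() {
cat <<'EOF'
Keyring
 111111111 --alswrv   1000 65534  keyring: _uid.1000
EOF
}

for sample in sample_after_logout sample_keys_cleared; do
    if "$sample" | check_keyring; then
        echo "$sample: keyring clean"
    else
        echo "$sample: keys were not cleared"
    fi
done
# On a real system the input would come from keyctl, e.g. `keyctl show @u`
# in a session of the affected account (which keyring holds the keys is an
# assumption here).
```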
