ecryptfs team mailing list archive
Message #01754
[Bug 508853] Re: ecryptfs: keyring is not cleared on logout
*** This bug is a duplicate of bug 313812 ***
https://bugs.launchpad.net/bugs/313812
** This bug has been marked a duplicate of bug 313812
umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)
--
ecryptfs: keyring is not cleared on logout
https://bugs.launchpad.net/bugs/508853
You received this bug notification because you are a member of eCryptfs,
which is subscribed to ecryptfs-utils in ubuntu.
Status in “ecryptfs-utils” package in Ubuntu: New
Bug description:
Binary package hint: ecryptfs-utils
On a fresh Ubuntu 9.10 install with an ecryptfs-enabled home directory, the .Private directory is unmounted on logout, but the keys are not cleared from the keyring. This enables a user with admin rights to "su - <username>" into the account and access the files, while the user might believe they are locked away.
Steps to reproduce:
1. set up ecryptfs home directory for user "foo"
2. login as "foo" with password, files are unlocked, .Private is mounted
3. logout, .Private is unmounted
4. from a different admin account "admin": "sudo su - foo", give admin's password, password for foo is not asked
What happens:
.Private is mounted, the files are unlocked and accessible.
What is expected:
admin should only see the encrypted files in .Private. This is what happens if foo called "ecryptfs-umount-private" prior to logging out.
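A way to check for the condition this report describes, added here as an example and not part of the original bug report or of ecryptfs-utils: it compares the eCryptfs key signatures left in a user keyring against the signatures of the eCryptfs mounts that are still active. It assumes the usual `keyctl list @u` line format and the `ecryptfs_sig=` / `ecryptfs_fnek_sig=` mount options; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: report eCryptfs key signatures that remain in a keyring
# although no active ecryptfs mount references them (the state after logout
# described in this bug). All sample data below is constructed.

# Constructed `keyctl list @u` output for user "foo".
SAMPLE_KEYRING='2 keys in keyring:
 123456789: --alswrv  1000  1000 user: 0123456789abcdef
 987654321: --alswrv  1000  1000 user: fedcba9876543210'

# Constructed /proc/mounts content while foo is logged in ...
SAMPLE_MOUNTS_LOGGED_IN='/dev/sda1 / ext4 rw,relatime 0 0
/home/foo/.Private /home/foo/Private ecryptfs rw,relatime,ecryptfs_fnek_sig=fedcba9876543210,ecryptfs_sig=0123456789abcdef,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0'
# ... and after logout, when .Private has been unmounted.
SAMPLE_MOUNTS_AFTER_LOGOUT='/dev/sda1 / ext4 rw,relatime 0 0'

# stdin: keyctl list output -> 16-hex-digit descriptions of "user" keys.
# Assumption: such descriptions are eCryptfs signatures; other software
# could in principle store a "user" key with a similar description.
keyring_sigs() {
    sed -n 's/^.* user: \([0-9a-f]\{16\}\)$/\1/p' | sort -u
}

# stdin: /proc/mounts content -> signatures used by active ecryptfs mounts.
mounted_sigs() {
    awk '$3 == "ecryptfs" { print $4 }' | tr ',' '\n' |
        sed -n -e 's/^ecryptfs_sig=\([0-9a-f]\{16\}\)$/\1/p' \
               -e 's/^ecryptfs_fnek_sig=\([0-9a-f]\{16\}\)$/\1/p' | sort -u
}

# $1: keyctl list output, $2: /proc/mounts content.
# Prints every keyring signature that no active mount uses.
stale_sigs() {
    mounted=$(printf '%s\n' "$2" | mounted_sigs)
    # grep takes the newline-separated list as exact, whole-line patterns.
    printf '%s\n' "$1" | keyring_sigs | { grep -vxF -e "$mounted" || true; }
}

echo "stale keys after logout (constructed sample):"
stale_sigs "$SAMPLE_KEYRING" "$SAMPLE_MOUNTS_AFTER_LOGOUT"

# On a live system, run as the user whose keyring is being checked:
#   stale_sigs "$(keyctl list @u)" "$(cat /proc/mounts)"
```

Any signature printed after the user has logged out is a key that was left in the keyring; the report notes that calling `ecryptfs-umount-private` before logging out gives the expected result.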