ecryptfs team mailing list archive

Thread
Date

[Bug 696276] Re: root user can mount a user encrypted directory

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxxxxxxx>
Date: Fri, 28 Jan 2011 04:07:03 -0000
Reply-to: Bug 696276 <696276@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

There's currently no access control checks on the mount wide key. DAC
(and MAC) permissions are what protect read access to the file. So, if
the user's home directory is already mounted, root will be able to read
the files.

Does this answer your question?

-- 
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.
https://bugs.launchpad.net/bugs/696276

Title:
  root user can mount a user encrypted directory

Status in eCryptfs - Enterprise Cryptographic Filesystem:
  New

Bug description:
  I could do that adding a SSH key to the user's authorized_keys file
  and login with that key. I am surprise about I could decrypt the
  user's home directory!

  Doesn't  eCryptfs prevent the root user to mount a user's home
  directory?

  Thanks!

References

[Bug 696276] [NEW] root user can mount a user encrypted directory
From: Guilherme Gondim (semente), 2011-01-01