← Back to team overview

ecryptfs team mailing list archive

[Bug 696276] Re: root user can mount a user encrypted directory

 

There's currently no access control checks on the mount wide key. DAC
(and MAC) permissions are what protect read access to the file. So, if
the user's home directory is already mounted, root will be able to read
the files.

Does this answer your question?

-- 
You received this bug notification because you are a member of eCryptfs,
which is a direct subscriber.
https://bugs.launchpad.net/bugs/696276

Title:
  root user can mount a user encrypted directory

Status in eCryptfs - Enterprise Cryptographic Filesystem:
  New

Bug description:
  I could do that adding a SSH key to the user's authorized_keys file
  and login with that key. I am surprise about I could decrypt the
  user's home directory!

  Doesn't  eCryptfs prevent the root user to mount a user's home
  directory?

  Thanks!





References