ecryptfs team mailing list archive
Message #01872
[Bug 849136] [NEW] ecryptfs leaves unencrypted mount after logout
*** This bug is a security vulnerability ***
Private security bug reported:
If two users log in, one having an encrypted home dir, the second user
(being a sysadmin) is able to sudo and view the encrypted user's home
directory content. If the encrypted user then logs out, the other user
can still sudo to the previous user's home directory as the unencrypted
mount remains.
I would expect that the encrypted home would unmount when a user logs
off and a sudo to the encrypted user's home would show the unmounted
state like before the user logged in.
Although a sudo trusted user normally would be able to view all disk
content, I was hoping that this would keep the prying sysadmin out of
private data (local logins only allowed).
** Affects: ecryptfs
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of eCryptfs,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/849136
Title:
ecryptfs leaves unencrypted mount after logout
Status in eCryptfs - Enterprise Cryptographic Filesystem:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/849136/+subscriptions
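An added example, not part of the bug report or of eCryptfs itself: a check that lists ecryptfs mounts whose owner no longer has a login session, which is the state the report describes. It assumes the encrypted-home layout `/home/.ecryptfs/<user>/.Private` as the mount source and takes the logged-in users from `who`; the function names and the sample mount table are constructed for illustration.

```python
import re
import subprocess

# Constructed sample in /proc/mounts format; signature values are placeholders.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,ecryptfs_sig=PLACEHOLDER,ecryptfs_cipher=aes 0 0
/home/.ecryptfs/bob/.Private /home/bob ecryptfs rw,nosuid,nodev,ecryptfs_sig=PLACEHOLDER,ecryptfs_cipher=aes 0 0
/home/.ecryptfs/carol/.Private /home/carol\\040old ecryptfs rw 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def ecryptfs_mounts(mounts_text):
    """Yield (owner, mountpoint) for every ecryptfs entry in a mount table."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2] != "ecryptfs":
            continue
        source, mountpoint = unescape(fields[0]), unescape(fields[1])
        # Assumption: owner is named in the lower directory path; otherwise
        # fall back to the last component of the mount point.
        m = re.fullmatch(r"/home/\.ecryptfs/([^/]+)/\.Private", source)
        owner = m.group(1) if m else mountpoint.rstrip("/").rsplit("/", 1)[-1]
        yield owner, mountpoint

def stale_mounts(mounts_text, logged_in):
    """Return ecryptfs mounts whose owner is not in the logged-in set."""
    return [(o, mp) for o, mp in ecryptfs_mounts(mounts_text) if o not in logged_in]

def logged_in_users():
    """User names from `who` (first column of each line)."""
    out = subprocess.run(["who"], capture_output=True, text=True).stdout
    return {line.split()[0] for line in out.splitlines() if line.strip()}

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        for owner, mountpoint in stale_mounts(fh.read(), logged_in_users()):
            print(f"decrypted mount still present after logout: {mountpoint} ({owner})")
```

Run from cron or a session-close hook, any line it prints is a decrypted home that is still readable through sudo even though its owner has logged out.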