ecryptfs team mailing list archive

Thread
Date

[Bug 883238] Re: encrypted-private mount passphrases can be leaked to disk

To: ecryptfs@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Fri, 28 Oct 2011 19:37:27 -0000
Reply-to: Bug 883238 <883238@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: ecryptfs-utils (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: ecryptfs-utils (Ubuntu)
       Status: New => Triaged

** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of eCryptfs,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/883238

Title:
  encrypted-private mount passphrases can be leaked to disk

Status in eCryptfs - Enterprise Cryptographic Filesystem:
  Triaged
Status in “ecryptfs-utils” package in Ubuntu:
  Triaged

Bug description:
  When an encrypted home or private directory is set up, instructions
  are provided which say to login to the new account before rebooting.
  This is so the newly generated mount passphrase can be wrapped with
  the user's login passphrase before it is written to disk. During the
  time between account creation and the initial login, the unencrypted
  mount passphrase is stored in a tmpfs mount (/dev/shm/) and the file
  is protected by restrictive DAC permissions.

  If the instructions are not followed and the system is shut down
  before the new user logs in, the ecryptfs-utils-save init script conf
  file (/etc/init/ecryptfs-utils-save.conf) moves the unencrypted mount
  passphrase from the tmpfs mount to a folder in /var/tmp/ to persist
  across the reboot. Upon the next boot, the unencrypted mount
  passphrase is moved back to the tmpfs mount in anticipation of the new
  user performing the initial login.

  The security concern is that the unencrypted mount passphrase is
  leaked to disk, compromising the user's encrypted files in the case of
  an offline attack. Because Linux does not have a secure file deletion
  mechanism, an attacker may be successful in examining the disk and
  extracting the mount passphrase which can then be used to unwrap each
  file encryption key. The file encryption keys can then be used to
  unencrypt the file contents.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/883238/+subscriptions

References

[Bug 883238] [NEW] encrypted-private mount passphrases can be leaked to disk
From: Tyler Hicks, 2011-10-28