ecryptfs team mailing list archive
-
ecryptfs team
-
Mailing list archive
-
Message #01898
[Bug 883238] Re: encrypted-private mount passphrases can be leaked to disk
** Also affects: ecryptfs-utils (Ubuntu)
Importance: Undecided
Status: New
** Changed in: ecryptfs-utils (Ubuntu)
Status: New => Triaged
** Changed in: ecryptfs-utils (Ubuntu)
Importance: Undecided => Medium
--
You received this bug notification because you are a member of eCryptfs,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/883238
Title:
encrypted-private mount passphrases can be leaked to disk
Status in eCryptfs - Enterprise Cryptographic Filesystem:
Triaged
Status in “ecryptfs-utils” package in Ubuntu:
Triaged
Bug description:
When an encrypted home or private directory is set up, instructions
are provided which say to login to the new account before rebooting.
This is so the newly generated mount passphrase can be wrapped with
the user's login passphrase before it is written to disk. During the
time between account creation and the initial login, the unencrypted
mount passphrase is stored in a tmpfs mount (/dev/shm/) and the file
is protected by restrictive DAC permissions.
If the instructions are not followed and the system is shut down
before the new user logs in, the ecryptfs-utils-save init script conf
file (/etc/init/ecryptfs-utils-save.conf) moves the unencrypted mount
passphrase from the tmpfs mount to a folder in /var/tmp/ to persist
across the reboot. Upon the next boot, the unencrypted mount
passphrase is moved back to the tmpfs mount in anticipation of the new
user performing the initial login.
The security concern is that the unencrypted mount passphrase is
leaked to disk, compromising the user's encrypted files in the case of
an offline attack. Because Linux does not have a secure file deletion
mechanism, an attacker may be successful in examining the disk and
extracting the mount passphrase which can then be used to unwrap each
file encryption key. The file encryption keys can then be used to
unencrypt the file contents.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ecryptfs/+bug/883238/+subscriptions
References