registry team mailing list archive

Thread
Date

[Bug 313812] Re: umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)

To: registry@xxxxxxxxxxxxxxxxxxx
From: Aldo Caruso <313812@xxxxxxxxxxxxxxxxxx>
Date: Tue, 10 Aug 2010 02:29:08 -0000
Reply-to: Bug 313812 <313812@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The following effect may be a consequence of the same bug.

Distribution: Ubuntu 10.04

1) Create user1 ( with administrative privileges )
2) Create user2 ( without administrative privileges )
3) Logged as user2 set up a private directory, logout & login, create some files in ~/Private, logout.
4) Logged as user1 change user2 password.
5) Logged as user2 (using the new password defined by user1) you can access the /home/user2/Private directory and its contents.

The effect persists until you reboot.

Conclusion:
A privileged user can access private data from others (who recently have logged in and out ) by means of changing their password.

-- 
umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)
https://bugs.launchpad.net/bugs/313812
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Fedora.