eCryptfs

ecryptfs-recover-private fails to mount previous homedir on ubuntu bionic

Bug #1769373 reported by henczati on 2018-05-05

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	eCryptfs	New	Undecided	Unassigned

Bug Description

# REPRODUCE:

Steps (specific real info replaced with vars):

1. Boot from Lubuntu 18.04 (bionic) daily-live (http://cdimage.ubuntu.com/lubuntu/bionic/daily-live/) from 2018-05-04 (after bionic release).
2. Create user with the same uid as was used by previous home user ($user).
3. Logout & sign in as $user.
4. Mount *partition* with previous (ecryptfs-encrypted) home (to $mnt).
5. Install ecryptfs utils (not on Lubuntu 18.04 live by default):
```bash
$ sudo apt update
$ sudo apt install ecryptfs-utils
```
6. Mount previous home:
```bash
$ sudo ecryptfs-recover-private "$mnt"/home/.ecryptfs/"$user"/.Private/
INFO: Found [$mnt/home/.ecryptfs/$user/.Private/].
Try to recover this directory? [Y/n]:
INFO: Found your wrapped-passphrase
Do you know your LOGIN passphrase? [Y/n]
INFO: Enter your LOGIN passphrase...
Passphrase:
Inserted auth tok with sig [$ecryptfs_sig] into the user session keyring
mount: /tmp/ecryptfs.$XXXXXXXX: mount(2) system call failed: No such file or directory.
ERROR: Failed to mount private data at [/tmp/ecryptfs.$XXXXXXXX].
```

```bash
$ ls -ld /tmp/ecryptfs.$XXXXXXXX
drwx------ 2 root root 40 May 5 17:04 /tmp/ecryptfs.$XXXXXXXX/
```

-----------------------------
(edited:)
# HOTFIX (HACK):

Steps (after $tmpdir creation but *before* trying to mount):

1. Change user and group ownership of temporary folder (to mount in) to the user (uid) and group (gid) of the previous (ecryptfs-encrypted) home directory.
2. (HACK) Run the mount command that follows, but first without the '-i' parameter and submit empty password (enter) 3x.

# NOTES:

I don't exactly know why the hack is needed (probably to reset some state), but without this failed mount without '-i' cannot successfully mount afterwards.

When I had ecryptfs-recover-private patched with step 1. only, the mount failed on a fresh live boot.

But if after a failed mount I ran only the mount command from the script without the '-i' parameter manually in a terminal then interrupted when asked the passphrase (by Ctrl+C), then the only-chmod-patched ecryptfs-recover-private would mount successfully and repeatedly (re-mount) until reboot.
-> The hack step is needed only once per boot.

If patched with the hack, use empty passphrase as Ctrl+C will interrupt the whole script not just the mount command (as echo-ed in the patch).

I got the mount command (that failed, and had to fail without '-i') by running ecryptfs-recover-private by 'sh -ex':
```bash
$ sudo sh -ex /usr/bin/ecryptfs-recover-private "$mnt"/home/.ecryptfs/"$user"/.Private/

See original description

Tags:

henczati (henczati) on 2018-05-05

description:	updated
description:	updated
description:	updated
description:	updated

henczati (henczati) on 2018-05-05

tags:	added: ecryptfs-utils
tags:	added: ecryptfs-recover-private

Revision history for this message

henczati (henczati) wrote on 2018-05-05:

# Patch

WHAT:
After mktemp, before mount:
```bash
chown --reference="$mnt"/home/.ecryptfs/"$user"/.Private /tmp/ecryptfs."$XXXXXXXX"
```

USE:
```bash
cd / && patch -p1 <"$patch_path"
```

Revision history for this message

henczati (henczati) wrote on 2018-05-05:

p.s.: The snippet in comment #2 is representative, NOT the exact patch addition!

henczati (henczati) on 2018-05-05

description:

updated

Revision history for this message

henczati (henczati) wrote on 2018-05-05:

hotfix with mount-fail hack Edit (905 bytes, text/x-diff)

First patch did not work after rebooting from the live image.
Created new patch with a hack that I needed: a step that I did manually before creating the first patch.

Description updated.

description:	updated
description:	updated

henczati (henczati) on 2018-05-05

description:	updated
description:	updated

Revision history for this message

Péter Sümegi (pet3r3) wrote on 2019-01-11:

Thanks for the patch!!

Revision history for this message

henczati (henczati) wrote on 2019-01-11:

You are welcome, but **beware, it is not a clean/proper solution**, just a hacky way to get to your data, that I discovered empirically, with a little luck using some general linux/bash knowledge.

IIRC, one **side effect** of the patch might be that you have to **umount the homedir 2x after use**.

Note that I am no security expert, am not closely familiar with the inner workings of ecryptfs, and have no guarantee that the encrypted home mounted with the patched script will retain the security properties of the official release (although *I* am not aware of any clear indication of a threat).

With that in mind, **I recommend using the patched script solely for data recovery, and transitioning to another, better supported and maintained encryption solution**.

Revision history for this message

Péter Sümegi (pet3r3) wrote on 2019-01-11:

I only used it for recovering data from my old home volume, so I had mount it only once and then deleted it.
I don't use eCryptfs anymore.

Thanks, again!