umount of ecryptfs does not automatically clear the keyring (can be mounted by root later)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eCryptfs | Fix Released | Medium | Dustin Kirkland | |
ecryptfs-utils (Fedora) | Fix Released | High | | |
ecryptfs-utils (Ubuntu) | Fix Released | Medium | Dustin Kirkland | |
Jaunty | Won't Fix | Medium | Unassigned | |
Karmic | Won't Fix | Medium | Dustin Kirkland | |
Lucid | Fix Released | Medium | Dustin Kirkland | |
Maverick | Fix Released | Medium | Dustin Kirkland | |
Natty | Fix Released | Medium | Dustin Kirkland | |
Bug Description
How to reproduce :
1) setup a private directory
2)
sudo -s
cd /
mkdir source
mkdir target
cp ~user/.
file /source/example.pdf
/source/
mount -t ecryptfs source target
Passphrase: type anything that is not your passphrase or passwords
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (loaded)
2) blowfish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
3) des3_ede: blocksize = 8; min keysize = 24; max keysize = 24 (not loaded)
4) twofish: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
5) cast6: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
6) cast5: blocksize = 8; min keysize = 5; max keysize = 16 (not loaded)
Selection [aes]:
Select key bytes:
1) 16
2) 32
3) 24
Selection [16]:
Enable plaintext passthrough (y/n) [n]: n
Attempting to mount with the following options:
ecryptfs_
ecryptfs_
ecryptfs_
WARNING: Based on the contents of [/root/
it looks like you have never mounted with this key
before. This could mean that you have typed your
passphrase wrong.
Would you like to proceed with the mount (yes/no)? yes
Would you like to append sig [4c748f746abcc24e] to
[/root/
in order to avoid this warning in the future (yes/no)? no
Not adding sig to user sig cache file; continuing with mount.
Mounted eCryptfs
file /source/example.pdf
/source/
Now I know that the files are really encrypted (using a wrong passphrase on files copied to another computer makes the file unreadable), but I don't understand how root on my system can mount my files without the correct passphrase... is the passphrase stored somewhere? This is really strange and doesn't give me too much confidence in this technology. Let's hope I overlooked something.
============
SRU Justification:
Impact: This bug affects users of Ubuntu's encrypted home/private directory feature if they are concerned about a malicious or snooping root user on the system.
Minimal patch: The minimal patch can be found in upstream commit r520:
* http://
Reproduce instructions: Follow the excellent instructions in this bug description.
Regression potential: Minimal. The key removal code is the last thing that happens before the umount is attempted. If for some reason the new key-unlinking code failed (it should not; errors are ignored; keys are removed on a best-effort basis), then the umount might not happen. As I said, this should be a near impossible situation. I think this update should be very safe. It's been in Natty now for a couple of weeks.
============
description: updated
Changed in ecryptfs:
  assignee: nobody → kirkland
  importance: Undecided → Medium
  status: New → In Progress
Changed in ecryptfs-utils:
  status: Unknown → Confirmed
Changed in ecryptfs:
  status: Triaged → Fix Committed
Changed in ecryptfs-utils:
  status: Confirmed → Fix Committed
Changed in ecryptfs-utils:
  status: Fix Committed → Fix Released
security vulnerability: yes → no
visibility: private → public
Changed in ecryptfs-utils (Ubuntu):
  status: Fix Released → Confirmed
Changed in ecryptfs-utils (Ubuntu Lucid):
  status: New → Confirmed
Changed in ecryptfs-utils (Ubuntu Karmic):
  status: New → Confirmed
Changed in ecryptfs-utils (Ubuntu Jaunty):
  importance: Undecided → Medium
  status: New → Confirmed
Changed in ecryptfs-utils (Ubuntu Lucid):
  importance: Undecided → Medium
Changed in ecryptfs-utils (Ubuntu Maverick):
  importance: Undecided → Medium
Changed in ecryptfs-utils (Ubuntu Karmic):
  importance: Undecided → Medium
security vulnerability: no → yes
tags: added: jaunty karmic lucid maverick patch
Changed in ecryptfs:
  status: Triaged → In Progress
Changed in ecryptfs-utils (Ubuntu Natty):
  status: Confirmed → In Progress
  assignee: nobody → Dustin Kirkland (kirkland)
Changed in ecryptfs:
  status: Fix Committed → Fix Released
Changed in ecryptfs-utils (Ubuntu Karmic):
  assignee: nobody → Dustin Kirkland (kirkland)
  status: Triaged → In Progress
Changed in ecryptfs-utils (Ubuntu Lucid):
  assignee: nobody → Dustin Kirkland (kirkland)
  status: Triaged → In Progress
Changed in ecryptfs-utils (Ubuntu Maverick):
  assignee: nobody → Dustin Kirkland (kirkland)
  status: Triaged → In Progress
tags: added: verification-done; removed: verification-needed
tags: added: verification-done-lucid verification-needed
Changed in ecryptfs-utils (Ubuntu Karmic):
  status: In Progress → Fix Committed
tags: added: verification-done; removed: verification-needed
Changed in ecryptfs-utils (Fedora):
  importance: Unknown → High
This is probably due to kernel keyring caching.
After doing your unmount, do the following to clear your kernel keyring:
$ keyctl clear @u
Then try to remount.
:-Dustin
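
The check behind the workaround above, as an added example (not code from ecryptfs-utils or from this bug report): it parses `keyctl show @u` output to find eCryptfs keys still linked after an umount, and unlinks the one matching a given signature. The sample listing is constructed (key IDs are invented; the signature is the one shown in the report), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: detect and drop an eCryptfs key left in the user keyring.

# Constructed sample of `keyctl show @u` output after the umount in the
# report. Key IDs are made up; the signature is the one the mount printed.
SAMPLE_KEYCTL_SHOW='Keyring
 271828182 --alswrv      0     0  keyring: _uid.0
 314159265 --alswrv      0     0   \_ user: 4c748f746abcc24e
 161803398 --alswrv      0     0   \_ user: backup:token'

# Read `keyctl show` output on stdin; print "<key-id> <sig>" for each
# user-type key whose description is exactly 16 hex digits, the form of
# an eCryptfs key signature.
leftover_ecryptfs_keys() {
    awk '{
        for (i = 2; i < NF; i++)
            if ($i == "user:" && length($(i+1)) == 16 &&
                $(i+1) ~ /^[0-9a-fA-F]+$/)
                print $1, $(i+1)
    }'
}

# Succeed only when the keyring listing on stdin holds no eCryptfs key.
keyring_is_clean() {
    [ -z "$(leftover_ecryptfs_keys)" ]
}

# Unmount $1, then unlink the key with signature $2 from the user keyring.
# Unlink errors are ignored (best effort). Assumes the caller noted the
# signature when mounting; `keyctl clear @u` is the blunt alternative.
umount_and_unlink() {
    umount "$1" || return 1
    keyctl show @u | leftover_ecryptfs_keys | while read -r id sig; do
        [ "$sig" = "$2" ] && keyctl unlink "$id" @u >/dev/null 2>&1
    done
    return 0
}

# Demo on the constructed sample: reports the key that survived the umount.
printf '%s\n' "$SAMPLE_KEYCTL_SHOW" | leftover_ecryptfs_keys
```

On a live system, `keyctl show @u | keyring_is_clean` after an umount tells you whether the mount key is still cached.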