Comment 50 for bug 313812

Revision history for this message
In , Michal (michal-redhat-bugs) wrote :

extract from irc:
> let me answer this question a different way, "when is this an actual problem?"
> first, only a root user can perform an ecryptfs mount
> non-root users can perform mounts through the setuid binary, mount.ecryptfs_private, but in that case, what they can do is tightly constrained
> to perform a generic mount, it has to be a root user
> now, for this to be a problem, the *root* user must:
> a) establish an ecryptfs mount with one passphrase
> b) unmount
> c) do *not* clear the keyring
> d) do *not* logout of the session
> and then a malicious user must obtain access to *that* session
> by either sitting down at the terminal, or accessing via vnc or screen or some such
> at that point, the malicious user has a root shell
> and while accessing some encrypted data is a bad thing, there are a lot of bad things that can happen at that point
> so we can help with (c) by clearing the keys on unmount
> but ultimately, (d) is the biggie ... the root user needs to logout of the session if they want their data protected

so I think you can still feel yourself safe :)

anyway, there is still plan to add new feature mentioned before