libpam-encfs causes problems with sudo
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libpam-encfs (Ubuntu) | Fix Released | Undecided | Unassigned | | |
Bug Description
Binary package hint: libpam-encfs
When using sudo as a user whose home directory is encrypted by encfs using libpam-encfs for authentication, the following behavior shows up:
tittel@uranus:/etc$ sudo pwd
Password:
/home/tittel
tittel@uranus:/etc$ sudo pwd
/etc
tittel@uranus:/etc
As you can see, if sudo is called for the first time and asks for the password, the current path is not inherited by the super user environment. This problem does not occur with a user whose home directory is not encrypted by encfs. I highly suspect that a bug in libpam-encfs is at fault, after looking at upstream's changelog (http://
"Fixed a bug related to sudo and chdir (not a security issue), now using stat instead, thanks to Yves Perrenoud for the bugreport + suggested fix."
Version 0.1.4 of libpam-encfs was released in July 2006, however Ubuntu packages for feisty and gutsy still ship with 0.1.3. Maybe we should update to a more recent version of libpam-encfs at last or at least backport the fix, because I think breaking sudo this way is VERY dangerous. Just imagine somebody using the "rm" command in conjunction with a relative path statement and deleting the wrong directory tree because of that. And before I noticed this bug, I copied a lot of files to the wrong destination myself because of it.
I grew a bit impatient and rolled my own .deb package for 0.1.4.1. And my suspicion was right: since installing 0.1.4.1 of libpam-encfs this problem is gone.
It would be great if the maintainer could update the package to 0.1.4.1 at least for gutsy, since this is really an annoying problem. If I have not overlooked anything, this should be a simple matter of importing the upstream source code, changing version numbers and rebuilding the package.