Ubuntu
libpam-encfs package

libpam-encfs causes problems with sudo

Bug #111595 reported by astronic
4
Affects Status Importance Assigned to Milestone
libpam-encfs (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: libpam-encfs

When using sudo as a user whose home directory is encrypted by encfs using libpam-encfs for authentification, the following behavior shows up:

tittel@uranus:/etc$ sudo pwd
Password:
/home/tittel
tittel@uranus:/etc$ sudo pwd
/etc
tittel@uranus:/etc

As you can see, if sudo is called for the first time and asks for the password, the current path is not inherited by the super user environment. This problem does not occur with a user whose home directory is not encrypted by encfs. I highly suspect that a bug in libpam-encfs is at fault, after looking at upstream's changelog (http://hollowtube.mine.nu/wiki/index.php?n=Projects.PamEncfs), which states for release 0.1.4:

"Fixed a bug related to sudo and chdir (not a security issue), now using stat instead, thanks to Yves Perrenoud for the bugreport + suggested fix."

Version 0.1.4 of libpam-encfs was released in July 2006, however Ubuntu packages for feisty and gutsy still ship with 0.1.3. Maybe we should update to a more recent version of libpam-encfs at last or at least backport the fix, because I think breaking sudo this way is VERY dangerous. Just imagine somebody using the "rm" command in conjunctive with a relative path statement and deleting the wrong directory tree because of that. And before I noticed this bug, I copied a lot of file to the wrong destination myself because of it.

Revision history for this message
astronic (bugreports-tittel) wrote :

I grow a bit impatient and rolled my own .deb package for 0.1.4.1. And my suspicion was right: Since installing 0.1.4.1 of libpam-encfs this problem is gone.

It would be great if the maintainer could update the package to 0.1.4.1 at least for gutsy, since this is really an annoying problem. If I have not overseen anything, this should be a simple matter of importing the upstream source code, changing version numbers and rebuilding the package.

Revision history for this message
Andrea Ratto (andrearatto) wrote :

I can confirm the problem, it's annoying, please roll a fix out.

Revision history for this message
Andrea Ratto (andrearatto) wrote :

this is fixed in hardy.
here is a backport for gutsy:
http://ppa.launchpad.net/andrearatto/ubuntu/pool/main/libp/libpam-encfs/libpam-encfs_0.1.4.1-2~ppa3_i386.deb

Revision history for this message
Andreas Moog (ampelbein) wrote : Closing the report.

This bug report is being closed due to your last comment regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status . Thank you again for taking the time to report this bug and helping to make Ubuntu better. Please submit any future bugs you may find.

Changed in libpam-encfs (Ubuntu):
status: New → Invalid
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.