anyone with a livecd can acces data on ubuntu -- encrypt home directories

Thank you for using Ubuntu and taking the time to report a bug. The only way to protect your data from a live cd or other means is to encrypt it. Ubuntu users have various options for encrypting their data, including Encrypted LVM via the alternate installer CD and Ecryptfs (https://wiki.ubuntu.com/EncryptedPrivateDirectory). Integrated ecryptfs has been greatly improved in the upcoming 8.10 release, though good support is also included in earlier releases, such as Ubuntu 8.04.

There are plans to investigate using Ecryptfs in the default install in upcoming releases.

I'm currently working encrypting the entire user's home directory. I'm going to propose this again for Jaunty.

:-Dustin

that is an excellent idea! perfect! genius!

On Sun, Nov 9, 2008 at 2:00 AM, Dustin Kirkland
<email address hidden> wrote:
> I'm currently working encrypting the entire user's home directory. I'm
> going to propose this again for Jaunty.
>
> :-Dustin
>
> ** Changed in: ecryptfs-utils (Ubuntu)
> Status: New => In Progress
>
> ** Summary changed:
>
> - anyone with a livecd can acces data on ubuntu
> + anyone with a livecd can acces data on ubuntu -- encrypt home directories
>
> --
> anyone with a livecd can acces data on ubuntu -- encrypt home directories
> https://bugs.launchpad.net/bugs/277894
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>
> Bug description:
> all of my personal files i store in ubuntu can be accessed by anyone with a livecd without knowing my password. mac actually locks your personal data by default so if you put a livecd in and try to access them it will prompt you for the password. ubuntu does not have this. this renders all of my personal files insecure. this seems pretty serious to me.
>
> try using a livecd to read data from your home folder on a mac and see what happens. this is what should happen in ubuntu.
>
> once again, seeing as this applies to everyone on a default setup and how it allows anyone to see all of the files on the computer without a password, including extremely private and critical ones, and seeing as how you can eveen delete these files too, it seems pretty serious to me.
>

"mac actually locks your personal data by default so if you put a livecd in and try to access them it will prompt you for the password."

I've found no documentation of this (FileVault being enabled by default), nor can I reproduce it in 10.4. Can you provide some evidence of this claim?

Thanks!

http://docs.info.apple.com/article.html?path=Mac/10.5/en/8736.html

It looks like it's an optional configuration parameter, rather than being done by default...

:-Dustin

hmm, thats strange. thats what happened to me. and i was even using 10.4

i put in the ubuntu live cd and when i tried to backup some files, i couldnt
unless i entered the right password and stuff, and then i only had access to
the public folder. that was my experience, i didnt read about it anywhere. i
dont even know what filevault is, but whatever it is, it sounds like
something cool that should be enabled by default, especially on laptops. i
think ubuntu should do that by default.

maybe i accidentally enabled something without realizing it. back then when
i tried it, i dont remember how familiar i was with mac.

On Tue, Nov 11, 2008 at 8:55 AM, Dustin Kirkland
<email address hidden>wrote:

> http://docs.info.apple.com/article.html?path=Mac/10.5/en/8736.html
>
> It looks like it's an optional configuration parameter, rather than
> being done by default...
>
> :-Dustin
>
> --
> anyone with a livecd can acces data on ubuntu -- encrypt home directories
> https://bugs.launchpad.net/bugs/277894
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>
> Bug description:
> all of my personal files i store in ubuntu can be accessed by anyone with a
> livecd without knowing my password. mac actually locks your personal data by
> default so if you put a livecd in and try to access them it will prompt you
> for the password. ubuntu does not have this. this renders all of my personal
> files insecure. this seems pretty serious to me.
>
> try using a livecd to read data from your home folder on a mac and see what
> happens. this is what should happen in ubuntu.
>
> once again, seeing as this applies to everyone on a default setup and how
> it allows anyone to see all of the files on the computer without a password,
> including extremely private and critical ones, and seeing as how you can
> eveen delete these files too, it seems pretty serious to me.
>

well, actually, if doing something like this in ubuntu will cause
complications, then maybe it shouldnt be enabled by default. but someone
should certainly try to do something like this and avoid any complications,
because this seems like a really nice feature. if someone makes something
like this for ubuntu that works just as good as it does on mac, then it
should be enabled by default. if it causes trouble upgrading or something,
then the upgrade tool should automatically disable and then re-enable it if
its enabled. but there probably would not be any complications. this should
definately be attempted for jaunty.

On Tue, Nov 11, 2008 at 3:56 PM, Jessie Lawrence <email address hidden>wrote:

> hmm, thats strange. thats what happened to me. and i was even using 10.4
>
> i put in the ubuntu live cd and when i tried to backup some files, i
> couldnt unless i entered the right password and stuff, and then i only had
> access to the public folder. that was my experience, i didnt read about it
> anywhere. i dont even know what filevault is, but whatever it is, it sounds
> like something cool that should be enabled by default, especially on
> laptops. i think ubuntu should do that by default.
>
> maybe i accidentally enabled something without realizing it. back then when
> i tried it, i dont remember how familiar i was with mac.
>
>
> On Tue, Nov 11, 2008 at 8:55 AM, Dustin Kirkland <
> <email address hidden>> wrote:
>
>> http://docs.info.apple.com/article.html?path=Mac/10.5/en/8736.html
>>
>> It looks like it's an optional configuration parameter, rather than
>> being done by default...
>>
>> :-Dustin
>>
>> --
>> anyone with a livecd can acces data on ubuntu -- encrypt home directories
>> https://bugs.launchpad.net/bugs/277894
>> You received this bug notification because you are a direct subscriber
>> of the bug.
>>
>> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>>
>> Bug description:
>> all of my personal files i store in ubuntu can be accessed by anyone with
>> a livecd without knowing my password. mac actually locks your personal data
>> by default so if you put a livecd in and try to access them it will prompt
>> you for the password. ubuntu does not have this. this renders all of my
>> personal files insecure. this seems pretty serious to me.
>>
>> try using a livecd to read data from your home folder on a mac and see
>> what happens. this is what should happen in ubuntu.
>>
>> once again, seeing as this applies to everyone on a default setup and how
>> it allows anyone to see all of the files on the computer without a password,
>> including extremely private and critical ones, and seeing as how you can
>> eveen delete these files too, it seems pretty serious to me.
>>
>
>

As I have said above, I'm work on seamless home directory encryption for Jaunty.

I have it working in several virtual machines, and on my primary
laptop. I'm still bringing together the pieces to automate the setup
thereof.

It will *not* be the default. However, I do hope that it is an option
on installation (both desktop and server), as well as an option when
the administrator creates new users.

:-Dustin

ok, cool. but i think that there should be a way to enable this through the
gui, like in mac

also, is there any particular reason why it should not be enabled by
default? are there any problems with it?

On Tue, Nov 11, 2008 at 4:17 PM, Dustin Kirkland
<email address hidden>wrote:

> As I have said above, I'm work on seamless home directory encryption for
> Jaunty.
>
> I have it working in several virtual machines, and on my primary
> laptop. I'm still bringing together the pieces to automate the setup
> thereof.
>
> It will *not* be the default. However, I do hope that it is an option
> on installation (both desktop and server), as well as an option when
> the administrator creates new users.
>
> :-Dustin
>
> --
> anyone with a livecd can acces data on ubuntu -- encrypt home directories
> https://bugs.launchpad.net/bugs/277894
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>
> Bug description:
> all of my personal files i store in ubuntu can be accessed by anyone with a
> livecd without knowing my password. mac actually locks your personal data by
> default so if you put a livecd in and try to access them it will prompt you
> for the password. ubuntu does not have this. this renders all of my personal
> files insecure. this seems pretty serious to me.
>
> try using a livecd to read data from your home folder on a mac and see what
> happens. this is what should happen in ubuntu.
>
> once again, seeing as this applies to everyone on a default setup and how
> it allows anyone to see all of the files on the computer without a password,
> including extremely private and critical ones, and seeing as how you can
> eveen delete these files too, it seems pretty serious to me.
>

On Wed, Nov 12, 2008 at 2:50 AM, Jessie Lawrence <email address hidden> wrote:
> ok, cool. but i think that there should be a way to enable this through the
> gui, like in mac

Perhaps. There's some problems with this, at least in my head, that I
don't know how to solve yet. We'll see.

> also, is there any particular reason why it should not be enabled by
> default? are there any problems with it?

This is a very controversial topic. Ubuntu users like choice. They
don't like something being forced upon them. Especially something
controversial.

:-Dustin

whats controversial about security? if encrypting the users home
directory (other than the public folder) by default doesnt cause any
problems, then there is no reason why it shouldnt be. if there are
problems, enlighten me.

plus, you should be able to enable and disable this feature through
one of the settings windows in gnome-control-center, such as in System
> Preferences > Encryption and Keyrings.

On Wed, Nov 12, 2008 at 1:49 AM, Dustin Kirkland
<email address hidden> wrote:
> On Wed, Nov 12, 2008 at 2:50 AM, Jessie Lawrence <email address hidden> wrote:
>> ok, cool. but i think that there should be a way to enable this through the
>> gui, like in mac
>
> Perhaps. There's some problems with this, at least in my head, that I
> don't know how to solve yet. We'll see.
>
>> also, is there any particular reason why it should not be enabled by
>> default? are there any problems with it?
>
> This is a very controversial topic. Ubuntu users like choice. They
> don't like something being forced upon them. Especially something
> controversial.
>
> :-Dustin
>
> --
> anyone with a livecd can acces data on ubuntu -- encrypt home directories
> https://bugs.launchpad.net/bugs/277894
> You received this bug notification because you are a direct subscriber
> of the bug.
>
> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>
> Bug description:
> all of my personal files i store in ubuntu can be accessed by anyone with a livecd without knowing my password. mac actually locks your personal data by default so if you put a livecd in and try to access them it will prompt you for the password. ubuntu does not have this. this renders all of my personal files insecure. this seems pretty serious to me.
>
> try using a livecd to read data from your home folder on a mac and see what happens. this is what should happen in ubuntu.
>
> once again, seeing as this applies to everyone on a default setup and how it allows anyone to see all of the files on the computer without a password, including extremely private and critical ones, and seeing as how you can eveen delete these files too, it seems pretty serious to me.
>

also, we have plenty of time to implement something like this, but
only if someone gets to work on this NOW. before its too late,
otherwise it will be another one of those failed features that didnt
make it.

On Wed, Nov 12, 2008 at 3:55 PM, Jessie Lawrence <email address hidden> wrote:
> whats controversial about security? if encrypting the users home
> directory (other than the public folder) by default doesnt cause any
> problems, then there is no reason why it shouldnt be. if there are
> problems, enlighten me.
>
> plus, you should be able to enable and disable this feature through
> one of the settings windows in gnome-control-center, such as in System
>> Preferences > Encryption and Keyrings.
>
> On Wed, Nov 12, 2008 at 1:49 AM, Dustin Kirkland
> <email address hidden> wrote:
>> On Wed, Nov 12, 2008 at 2:50 AM, Jessie Lawrence <email address hidden> wrote:
>>> ok, cool. but i think that there should be a way to enable this through the
>>> gui, like in mac
>>
>> Perhaps. There's some problems with this, at least in my head, that I
>> don't know how to solve yet. We'll see.
>>
>>> also, is there any particular reason why it should not be enabled by
>>> default? are there any problems with it?
>>
>> This is a very controversial topic. Ubuntu users like choice. They
>> don't like something being forced upon them. Especially something
>> controversial.
>>
>> :-Dustin
>>
>> --
>> anyone with a livecd can acces data on ubuntu -- encrypt home directories
>> https://bugs.launchpad.net/bugs/277894
>> You received this bug notification because you are a direct subscriber
>> of the bug.
>>
>> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>>
>> Bug description:
>> all of my personal files i store in ubuntu can be accessed by anyone with a livecd without knowing my password. mac actually locks your personal data by default so if you put a livecd in and try to access them it will prompt you for the password. ubuntu does not have this. this renders all of my personal files insecure. this seems pretty serious to me.
>>
>> try using a livecd to read data from your home folder on a mac and see what happens. this is what should happen in ubuntu.
>>
>> once again, seeing as this applies to everyone on a default setup and how it allows anyone to see all of the files on the computer without a password, including extremely private and critical ones, and seeing as how you can eveen delete these files too, it seems pretty serious to me.
>>
>

if you explain all of the problems in detail (if any), people will be
able to think of ways around them. post them here!

On Wed, Nov 12, 2008 at 3:57 PM, Jessie Lawrence <email address hidden> wrote:
> also, we have plenty of time to implement something like this, but
> only if someone gets to work on this NOW. before its too late,
> otherwise it will be another one of those failed features that didnt
> make it.
>
> On Wed, Nov 12, 2008 at 3:55 PM, Jessie Lawrence <email address hidden> wrote:
>> whats controversial about security? if encrypting the users home
>> directory (other than the public folder) by default doesnt cause any
>> problems, then there is no reason why it shouldnt be. if there are
>> problems, enlighten me.
>>
>> plus, you should be able to enable and disable this feature through
>> one of the settings windows in gnome-control-center, such as in System
>>> Preferences > Encryption and Keyrings.
>>
>> On Wed, Nov 12, 2008 at 1:49 AM, Dustin Kirkland
>> <email address hidden> wrote:
>>> On Wed, Nov 12, 2008 at 2:50 AM, Jessie Lawrence <email address hidden> wrote:
>>>> ok, cool. but i think that there should be a way to enable this through the
>>>> gui, like in mac
>>>
>>> Perhaps. There's some problems with this, at least in my head, that I
>>> don't know how to solve yet. We'll see.
>>>
>>>> also, is there any particular reason why it should not be enabled by
>>>> default? are there any problems with it?
>>>
>>> This is a very controversial topic. Ubuntu users like choice. They
>>> don't like something being forced upon them. Especially something
>>> controversial.
>>>
>>> :-Dustin
>>>
>>> --
>>> anyone with a livecd can acces data on ubuntu -- encrypt home directories
>>> https://bugs.launchpad.net/bugs/277894
>>> You received this bug notification because you are a direct subscriber
>>> of the bug.
>>>
>>> Status in "ecryptfs-utils" source package in Ubuntu: In Progress
>>>
>>> Bug description:
>>> all of my personal files i store in ubuntu can be accessed by anyone with a livecd without knowing my password. mac actually locks your personal data by default so if you put a livecd in and try to access them it will prompt you for the password. ubuntu does not have this. this renders all of my personal files insecure. this seems pretty serious to me.
>>>
>>> try using a livecd to read data from your home folder on a mac and see what happens. this is what should happen in ubuntu.
>>>
>>> once again, seeing as this applies to everyone on a default setup and how it allows anyone to see all of the files on the computer without a password, including extremely private and critical ones, and seeing as how you can eveen delete these files too, it seems pretty serious to me.
>>>
>>
>

I've fixed this upstream in ecryptfs-utils-66, which supports encryption of all of home directories.

I'm leaving the Ubuntu task open for now, as there's a bit more work to be done at the distribution level, to get this working in the installer, etc.

:-Dustin

Jessie,

One reason not to turn it on by default is that it runs some risk of the user's data being entirely unrecoverable - leaving aside the possibility of bugs in the software, users do forget passwords, etc. There are plenty of reports of people running into similar problems with NTFS encryption. Different people will have different preferences for whether they'd rather run the risk of losing access to their files themselves, or of someone else seeing them if they gain physical access to the machine.

I'm marking this "Fix Released". The ecryptfs-utils pieces are pretty much feature-complete, and uploaded to Ubuntu. The remaining bits are mostly in the installer, and in the GUI-tools. These have separate bugs.

Cheers,
:-Dustin