ecryptfs-setup-private potentially exposes passwords in the process table
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
eCryptfs |
Fix Released
|
Undecided
|
Unassigned | ||
ecryptfs-utils (Ubuntu) |
Fix Released
|
Critical
|
Dustin Kirkland | ||
Intrepid |
Fix Released
|
Critical
|
Dustin Kirkland |
Bug Description
Binary package hint: ecryptfs-utils
ecryptfs-
There are two calls in ecryptfs-
* ecryptfs-
* ecryptfs-
that use passwords on the command line.
There is a small yet real possibility that these passwords could be exposed on the process table momentarily.
To fix this problem, we need to:
a) patch both ecryptfs-
b) modify the callers to use a dash/bash builtin function (such as echo or printf) to send this passphrases to those utilities on standard in
Thanks to Jamie Strandboge for the bug report.
:-Dustin
Related branches
Changed in ecryptfs-utils: | |
assignee: | nobody → kirkland |
importance: | Undecided → Critical |
status: | New → In Progress |
Changed in ecryptfs-utils: | |
status: | In Progress → Fix Committed |
Changed in ecryptfs-utils: | |
milestone: | none → ubuntu-8.10 |
Changed in ecryptfs: | |
status: | New → Fix Released |
This is the patch to solve this for the ecryptfs- add-passphrase and ecryptfs- wrap-passphrase utilities. The rest of the ecryptfs* passphrase* utilities should be solved in a similar manner. These are the most important two, as well as the callers in ecryptfs- setup-private.
This should be released for Intrepid.
:-Dustin