ureadahead creates unwanted pack files (tmpfs, encrypted partitions)

Bug #782646 reported by pberndt
This bug affects 3 people
Affects: ureadahead (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: ureadahead

On my system, ureadahead created pack files for
- /var/* (I use tmpfs for /var/lock, /var/run and /var/tmp)
- /home (Which is especially bad, since my /home is encrypted and thus security is compromised)

Of course, most file names stored in home.pack are pretty predictable, so attackers don't gain much by knowing home.pack. Still, I'd prefer if this file was not present.

Please
- Extend ureadahead with the ability to ignore certain directories (sth. similar to /etc/updatedb.conf?)
- Ignore dm-crypt'ed partitions by default

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: ureadahead 0.100.0-11
ProcVersionSignature: Ubuntu 2.6.38-8.42-generic-pae 2.6.38.2
Uname: Linux 2.6.38-8-generic-pae i686
NonfreeKernelModules: nvidia
Architecture: i386
Date: Sat May 14 15:04:45 2011
SourcePackage: ureadahead
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
pberndt (phillip-berndt) wrote :

I just noticed Bug #559525 already addresses the /var/log problem and Bug #582102 already asks for a configurable ignore-list.

Still, I leave this bug open, since the problem with encrypted /home is security related.

Revision history for this message
James M. Leddy (jm-leddy) wrote :

There is no security hole here. The only thing that ureadahead does is call readahead() on certain files to tell the kernel to cache these files for later use. I'm not certain how ecryptfs works, but I'm fairly certain there's no security weakness here. For instance, it's likely that ureadahead reads the encrypted information into memory for later decryption when you log in or something.

Revision history for this message
pberndt (phillip-berndt) wrote :

The list of those "certain files" is not hard coded into ureadahead but is gathered by checking which files are accessed when booting and then saving that file list onto the hard drive. So if the encrypted partition is mounted early enough, ureadahead saves a list of files on that partition elsewhere, unencrypted.

I'm not that much into cryptanalysis, so I can't tell how important this little known plaintext is in cracking the encryption. But I can imagine lots of encryption applications where even the exposure of the names of the encrypted files is a severe security breach.

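The two requests in the report (an ignore list, and skipping dm-crypt volumes by default) and the mechanism described in the comment above (a per-mount list of file names written to disk in the clear) can be checked on a running system with a small audit. The script below is an added example and is not ureadahead's own code. It assumes that pack files live in /var/lib/ureadahead and are named by joining the mount point with dots ("/home" becomes home.pack, "/var/lock" becomes var.lock.pack, "/" becomes plain pack); both are assumptions about the tool, not facts from the bug report. Mounts are classified as sensitive when the filesystem type is tmpfs or ecryptfs, or when the backing device-mapper UUID carries the CRYPT- prefix that dm-crypt targets use. The /proc/mounts excerpt, the dm UUID table and the set of pack names are constructed sample data so the audit runs offline; on a real host you would feed it the contents of /proc/mounts, read_dm_uuids() and a listing of the pack directory.

```python
"""Audit ureadahead pack files against tmpfs, ecryptfs and dm-crypt mounts.

Added example, not ureadahead's code. The pack directory and the pack naming
convention are assumptions; the sample data below is constructed.
"""
import os
from typing import Dict, Iterable, List

# Constructed /proc/mounts excerpt. /proc/mounts writes a space in a path as
# the octal escape \040, so one line exercises that case.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /var/run tmpfs rw,nosuid,relatime,mode=755 0 0
tmpfs /var/lock tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/home_crypt /home ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,relatime 0 0
/dev/sdb1 /mnt/my\\040disk ext4 rw,relatime 0 0
"""

# Constructed device-mapper UUIDs keyed by device node. On a real host they
# come from /sys/block/dm-N/dm/uuid; dm-crypt targets use the CRYPT- prefix.
SAMPLE_DM_UUIDS = {
    "/dev/mapper/home_crypt": "CRYPT-LUKS1-0123456789abcdef-home_crypt",
}

# Constructed listing of an (assumed) /var/lib/ureadahead directory.
SAMPLE_PACKS = {"pack", "home.pack", "var.run.pack", "var.lock.pack",
                "mnt.my disk.pack"}

PACK_DIR = "/var/lib/ureadahead"  # assumed location of the pack files


def parse_mounts(text: str) -> List[Dict[str, str]]:
    """Parse /proc/mounts-style lines into device, mountpoint and fstype."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        device, mountpoint, fstype = fields[:3]
        mounts.append({"device": device,
                       "mountpoint": mountpoint.replace("\\040", " "),
                       "fstype": fstype})
    return mounts


def is_sensitive(mount: Dict[str, str], dm_uuids: Dict[str, str]) -> bool:
    """tmpfs and ecryptfs mounts, and any mount on a dm-crypt device."""
    if mount["fstype"] in ("tmpfs", "ecryptfs"):
        return True
    return dm_uuids.get(mount["device"], "").startswith("CRYPT-")


def pack_name_for(mountpoint: str) -> str:
    """Assumed naming: '/' -> 'pack', '/var/lock' -> 'var.lock.pack'."""
    if mountpoint == "/":
        return "pack"
    return mountpoint.strip("/").replace("/", ".") + ".pack"


def sensitive_mountpoints(mounts_text: str,
                          dm_uuids: Dict[str, str]) -> List[str]:
    """Mount points that should be on ureadahead's ignore list."""
    return [m["mountpoint"] for m in parse_mounts(mounts_text)
            if is_sensitive(m, dm_uuids)]


def leaking_packs(mounts_text: str, dm_uuids: Dict[str, str],
                  existing_packs: Iterable[str]) -> List[str]:
    """Pack files present on disk that describe a sensitive mount."""
    present = set(existing_packs)
    return sorted(pack_name_for(mp)
                  for mp in sensitive_mountpoints(mounts_text, dm_uuids)
                  if pack_name_for(mp) in present)


def read_dm_uuids(sys_block: str = "/sys/block") -> Dict[str, str]:
    """Live lookup of dm UUIDs on a Linux host; empty dict elsewhere."""
    uuids: Dict[str, str] = {}
    if not os.path.isdir(sys_block):
        return uuids
    for entry in os.listdir(sys_block):
        if not entry.startswith("dm-"):
            continue
        try:
            with open(os.path.join(sys_block, entry, "dm", "uuid")) as f:
                uuid = f.read().strip()
            with open(os.path.join(sys_block, entry, "dm", "name")) as f:
                name = f.read().strip()
        except OSError:
            continue
        uuids["/dev/mapper/" + name] = uuid
    return uuids


if __name__ == "__main__":
    # Offline run on the constructed data.
    print("suggested ignore list:",
          sensitive_mountpoints(SAMPLE_MOUNTS, SAMPLE_DM_UUIDS))
    print("pack files to review:",
          leaking_packs(SAMPLE_MOUNTS, SAMPLE_DM_UUIDS, SAMPLE_PACKS))
```

Running it on the constructed data lists /var/run, /var/lock, /home and /home/alice as candidates for an ignore list and flags home.pack, var.lock.pack and var.run.pack as pack files worth removing or excluding; the ecryptfs mount is reported even though no pack exists for it, which is the case a default "skip encrypted mounts" rule would cover.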
Steve Langasek (vorlon)
Changed in ureadahead (Ubuntu):
status: New → Triaged
importance: Undecided → Medium