ureadahead Caches eCryptfs Filesystem Contents
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ureadahead (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
If you have autologin enabled or you're just a fast typist, ureadahead has the potential to cache pieces and whole filenames of files in an eCryptfs filesystem. This is a potential security vulnerability as it could theoretically provide a cryptanalyst vital pieces of plaintext data to break the filesystem encryption. It's a big "if" but it's possible.
My previous patch is incorrect. Turns out my ureadahead broke somehow, so I thought it was working when it really wasn't.
The actual problem lies not in /etc/init/
From what I gathered, ureadahead determines what it should cache by actual system devices, rather than mount points as I had suspected. The problem with this is that eCryptfs mounts /home/.
The ideal fix to this bug would be either a config file or a parameter for ureadahead that allows excluding of certain paths within a device's filesystem. I would assume this would be possible as ureadahead writes the whole filenames into its pack files.
I have retracted my patch.
description: | updated |
I only specifically patched for eCryptfs as it's the only encryption officially supported. It's a bit of a hack-y patch, but unfortunately busybox's /bin/sh can't do cool stuff like extglob in BASH... If that were the case it would have been !(ecryptfs) instead. But it works.