updatedb support missing for eCryptfs
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eCryptfs | Won't Fix | Undecided | Unassigned | |
Bug Description
I'm a recent user of eCryptfs with Xubuntu 12.04. My whole home is encrypted.
Now I realize that all my files aren't found by updatedb, and I had a look into /etc/updatedb.conf, and found the encrypted partition to be excluded from search:
<code>
cat /etc/updatedb.conf
PRUNE_BIND_
# PRUNENAMES=".git .bzr .hg .svn"
PRUNEPATHS="/tmp /var/spool /media /home/.ecryptfs"
PRUNEFS="NFS nfs nfs4 rpc_pipefs afs binfmt_misc proc smbfs autofs iso9660 ncpfs coda devpts ftpfs devfs mfs shfs sysfs cifs lustre_lite tmpfs usbfs udf fuse.glusterfs fuse.sshfs curlftpfs ecryptfs fusesmb devtmpfs"
</code>
I guess I know the reason: sometimes knowing the filename is already a vulnerability. But for some users it might be enough to encrypt the content of the files - leaking the names might be ok.
For the rest it would be useful to write the index to the home dir which is encrypted. Maybe this could be made an option, suggested while installing ecryptfs?
Hi Stefan - Thanks for the bug report. As you alluded to, eCryptfs mounts are pruned to prevent leaking the plaintext filenames to unencrypted storage.
The updatedb man page has an example of how someone could create a private mlocate database in a location of their choice. The -d option of mlocate would then need to be used to point to the private database, as well as the public database. This could be done with a bash alias or something similar.
This is not something that I'm interested in rolling out to all encrypted home users at this time. I think the need for a private mlocate database is probably rather low and those users can follow the steps that I mentioned above. I'm marking as Won't Fix for that reason.
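The private-database approach from the reply above, as an added example that is not part of the bug report or of eCryptfs itself. It assumes the home directory is the eCryptfs mount and that GNU `stat` is available; the database path under `~/.cache` and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: a per-user mlocate index kept inside the eCryptfs-mounted
# home. Paths and function names are assumptions, not from the bug report.
PRIVATE_DB="${PRIVATE_DB:-$HOME/.cache/mlocate-private.db}"
PUBLIC_DB="${PUBLIC_DB:-/var/lib/mlocate/mlocate.db}"   # mlocate's default database
UPDATEDB_CONF="${UPDATEDB_CONF:-/etc/updatedb.conf}"

# Print the PRUNEFS list from an updatedb.conf with "ecryptfs" removed, so the
# private run still skips network and pseudo filesystems.
prunefs_without_ecryptfs() {
    sed -n 's/^[[:space:]]*PRUNEFS[[:space:]]*=[[:space:]]*"\(.*\)".*/\1/p' "$1" |
        tail -n 1 | tr -s ' ' '\n' | grep -vix 'ecryptfs' | paste -s -d ' ' -
}

# Filesystem type holding a path (nearest existing parent if it does not exist yet).
fs_type_of() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != / ]; do p=$(dirname "$p"); done
    stat -f -c %T "$p"
}

# Build the index as the user, refusing to write it anywhere but eCryptfs.
update_private_db() {
    if [ "$(fs_type_of "$PRIVATE_DB")" != ecryptfs ]; then
        echo "refusing: $PRIVATE_DB is not on an eCryptfs mount" >&2
        return 1
    fi
    mkdir -p "$(dirname "$PRIVATE_DB")"
    # The database lists every filename under $HOME, so keep it owner-only.
    ( umask 077
      updatedb -l 0 -o "$PRIVATE_DB" -U "$HOME" \
               --prunefs "$(prunefs_without_ecryptfs "$UPDATEDB_CONF")" ) &&
        chmod 600 "$PRIVATE_DB"
}

# ':'-separated list for locate -d: private index first, then the system one.
locate_db_list() { printf '%s:%s\n' "$PRIVATE_DB" "$PUBLIC_DB"; }

# Search both databases, e.g. "alias locate=locate_all" in ~/.bashrc.
locate_all() { locate -d "$(locate_db_list)" "$@"; }
```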