eCryptfs

ecryptfs-verify does not check permission of wrapped-passphrase

Bug #1156672 reported by Nobuto Murata
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
eCryptfs
New
Undecided
Unassigned

Bug Description

currently ecryptfs-verify script does not check permission of wrapped-passphrase.

one possible situation of mistaken permission of wrapped-passphrase is:
 * a user forgot his/her password
 * an admin reset user's login password
 * the admin also created new wrapped-passphrase with stored passphrase and new password by ecryptfs-wrap-passphrase
 * the admin forgot to change permission and left owner of wrapped-passphrase as root:root

then the user cannot read wrapped-passphrase and fails to mount ecryptfs.

It would be helpful if ecryptfs-verify also checks permission of wrapped-passphrase.

ecryptfs: 103-0ubuntu2

Related branches

lp:~nobuto/ecryptfs/verify-wrapped-passphrase
Ready for review for merging into lp:ecryptfs
eCryptfs: Pending requested
Diff: 62 lines (+20/-1)
2 files modified
debian/changelog (+3/-1)
src/utils/ecryptfs-verify (+17/-0)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.