ecryptfs-recover-private cannot recover the specified directory if its parent directory is the same as the <Private> directory's parent

Bug #1694010 reported by Jason Xing
This bug affects 1 person
Affects: eCryptfs
Status: New
Importance: Undecided
Assigned to: Jason Xing

Bug Description

Reproduction case:
Note: use 123 as the LOGIN-PASSPHRASE and 456 as the MOUNT-PASSPHRASE.
1. Install Ubuntu 14.04 without enabling the encrypt-home-directory option.
2. Execute the "ecryptfs-setup-private" command successfully; it then creates the <Private> and <.ecryptfs> directories in the /home/Jason/ path.
3. Create the <secure> and <raw> directories in /home/Jason. Then execute "sudo mount -t ecryptfs secure raw" to mount. Put the <test_file> file into the <raw> and <Private> directories separately.
4. I'm going to try to recover the /home/Jason/secure directory with the "ecryptfs-recover-private /home/Jason/" command.
5. The user will be prompted with "INFO: Found your wrapped-passphrase Do you know your LOGIN passphrase? [Y/n]". As you know, the user should be prompted to enter the MOUNT-PASSPHRASE, not the LOGIN-PASSPHRASE. Thus, no matter which passphrase (123 or 456) the user enters, the user cannot obtain the decrypted file: if the user enters 123, the system will mount <secure> to /tmp/ecryptfs.xxxxxx with passphrase 123, and obviously cannot decrypt it; if the user enters 456, the system cannot unwrap the passphrase. It goes wrong.

If the user wants to recover the <secure> directory, the user should enter "n" when the system prompts "Do you know your LOGIN passphrase? [Y/n]". The system will then prompt for the MOUNT-PASSPHRASE. The user can then easily and successfully read <test_file> by entering 456 as the MOUNT-PASSPHRASE.

Explanation:
The system searches for <.ecryptfs> in the parent directory of <secure>, and the lookup succeeds without any doubt, because <Private> and <secure> are stored in the same directory (/home/Jason). But the <.ecryptfs> has nothing to do with <secure>.

Jason Xing (wlxing) wrote :

I'm going to assign this bug to myself and fix this issue just by adding some if statements.

Changed in ecryptfs:
assignee: nobody → Jason Xing (wlxing)
Jason Xing (wlxing) wrote :

I'm confused that this command is used to recover the private directory (interactive mount), not to recover the encrypted directory (sudo mount -t ecryptfs secure raw). But it can be applied in the latter case.

Could someone give some advice?

Changed in ecryptfs:
status: New → Opinion
status: Opinion → New