ecryptfs may truncate encrypted passphrase store
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ecryptfs-utils (Ubuntu) |
Fix Released
|
High
|
Dustin Kirkland |
Bug Description
The following scenario leads to a zero byte encrypted passphrase store and therefore likely considerable dataloss:
* Disk runs out of space which causes weird login screen behaviour
* User changes their password with passwd(1) so they can hand the laptop to a support engineer and go to a meeting
* ecryptfs has somehow truncated the encrypted passphrase store and now it is impossible to complete ecryptfs-
I would suggest that ecryptfs write out the encrypted passphrase to a new file and then move it in place, this should separate the act of writing from the act of replacing, so the first step will fail and at least the user will have the passphrase encrypted with their old password. This is sub-optimal, but easier to recover from than a truncated file!
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSign
Uname: Linux 3.2.0-25-generic i686
ApportVersion: 2.0.1-0ubuntu8
Architecture: i386
Date: Wed Jul 4 10:54:47 2012
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release i386 (20110427.1)
ProcEnviron:
LANGUAGE=en_GB:en
TERM=xterm
PATH=(custom, user)
LANG=en_GB.UTF-8
SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-04-11 (83 days ago)
information type: | Public → Public Security |
Status changed to 'Confirmed' because the bug affects multiple users.