Comment 0 for bug 1052038

Nobuto Murata (nobuto) wrote :

when login at the same time on cron session close, ecryptfs directory will not be decrypted properly.

IMPACT:
 * folder/file names created by users at the session are unencrypted
 * in desktop session, xdg-user-dirs-gtk-update or other programs creates
   "Desktop", "Download", etc. with unencrypted folder names
   even if encrypted folders with the same name exist.
   On the next login, unencrypted one will be shown with empty content,
   so users feel all data was lost, in spite of actual data is in encrypted one.

Bug #623708 has quite similar symptom.

How to reproduce:
 1. setup a home directory encrypted with ecryptfs
 2. set cron job of a user,
    for example, just sleeping for 1 minutes
    /etc/cron.d/ecryptfs-test
    "*/2 * * * * user1 sleep 1m"

 3. login at the same time on cron session closed
     for example, login near 00 second in odd minute.
    ==========
    Sep 17 23:32:56 ecryptfs-test login[6019]: pam_ecryptfs: Passphrase file wrapped
    Sep 17 23:33:01 ecryptfs-test CRON[6003]: pam_unix(cron:session): session closed for user user1
    Sep 17 23:33:02 ecryptfs-test login[6012]: pam_unix(login:session): session opened for user user1 by user1(uid=0)
    ==========

Expected results:
 home directory mounted properly

 * mount -l
   /home/user1/.Private on /home/user1 type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=ab224e5125be6655,ecryptfs_fnek_sig=9cb9226b29f1b007)

 * keyctl show
    Session Keyring
           -3 --alswrv 1000 -1 keyring: _uid_ses.1000
    311854780 --alswrv 1000 -1 \_ keyring: _uid.1000
    110408274 --alswrv 1000 0 \_ user: 9cb9226b29f1b007
    923006627 --alswrv 1000 0 \_ user: ab224e5125be6655

Actual results:
 home directory mounted without folder/file names are decrypted

 * mount -l
   /home/user1/.Private on /home/user1 type ecryptfs (ecryptfs_check_dev_ruid,ecryptfs_cipher=aes,ecryptfs_key_bytes=16,ecryptfs_unlink_sigs,ecryptfs_sig=ab224e5125be6655)

 * keyctl show
    Session Keyring
           -3 --alswrv 1000 -1 keyring: _uid_ses.1000
    311854780 --alswrv 1000 -1 \_ keyring: _uid.1000
     71413043 --alswrv 1000 0 \_ user: ab224e5125be6655

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
Uname: Linux 3.2.0-30-generic x86_64
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
Date: Tue Sep 18 00:21:00 2012
InstallationMedia: Ubuntu 12.04.1 LTS "Precise Pangolin" - Release amd64 (20120823.1)
ProcEnviron:
 TERM=screen-bce
 LANG=ja_JP.UTF-8
 SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: No upgrade log present (probably fresh install)