Comment 8 for bug 1052038

Dustin Kirkland  (kirkland) wrote :

So the only way that the filename key wouldn't get added to the mount options is if sig_fnek is empty after this, in mount.ecryptfs_private.c:

/* Second line, if present, is the filename encryption key signature */
sig_fnek = fetch_sig(pwd->pw_dir, 1, alias);

That function reads ~/.ecryptfs/Private.sig, and loads the first line of that file as the file encryption key, and the second line, if it exists, is the filename encryption key.

We actually call that function twice, once to read the first line, and again to read the second line:

sig = fetch_sig(pwd->pw_dir, 0, alias);
...
sig_fnek = fetch_sig(pwd->pw_dir, 1, alias);

I suppose there's a chance of a race there, if we read one file for the first line, and then a different file for the second one.

This could happen, possibly, if perhaps the home directory was mounted or unmounted in between reads.

We do guard against this, at least in the correct, default installation, where in both cases (mounted and unmounted) ~/.ecryptfs should be a symbolic link to /home/.ecryptfs/$USER/.ecryptfs.