ecryptfs-setup-private should validate that the login password is correct

Bug #287906 reported by Dustin Kirkland 
This bug affects 1 person
Affects: ecryptfs-utils (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Dustin Kirkland
Nominated for Intrepid by Dustin Kirkland

Bug Description

Binary package hint: ecryptfs-utils

ecryptfs-setup-private should validate that the login password is correct.

Bug #259631 sort of exposed this bug. Somewhere buried in there, we have a user who enters the wrong login password. If they enter the same wrong password twice, ecryptfs-setup-private proceeds to use it.

This can be fixed with unix_chkpwd.

:-Dustin

Changed in ecryptfs-utils:
assignee: nobody → kirkland
importance: Undecided → High
status: New → In Progress
Dustin Kirkland  (kirkland) wrote :

The patch to solve this looks something like this, for these two utilities.

The rest of the ecryptfs-* utilities should be fixed as well, in one fell swoop.

:-Dustin

Dustin Kirkland  (kirkland) wrote :

Attached debdiff solves this bug, as well as bug #287908.

Requesting sponsorship prior to Intrepid GA.

:-Dustin

Dustin Kirkland  (kirkland) wrote :

Updated debdiff.

:-Dustin

Dustin Kirkland  (kirkland) wrote :

Updated debdiff.

:-Dustin

Dustin Kirkland  (kirkland) wrote :

Updated debdiff. Thoroughly tested:

 * ecryptfs-add-passphrase:
   - tested with no and bad parameters, still shows usage statement
   - regression tested with command line parameters, and using stdin
   - verified that passphrase makes it into the keyring
     . check with "keyctl show"
     . clear with "keyctl clear @u"
   - tested adding arbitrary trailing new line characters and no newline character
     . verifying fgets() is working as expected

 * ecryptfs-wrap-passphrase:
   - tested with no and bad parameters, still shows usage statement
   - regression tested with command line parameters, and using stdin
   - verify that the passphrase gets encrypted
     . cat encrypted file
   - verify that the passphrase can be decrypted with the encryption passphrase
     . ecryptfs-unwrap-passphrase

 * ecryptfs-setup-private:
   - tested with good and bad passphrases
   - tested on the command line, and interactively
   - unwrapped the passphrases written by ecryptfs-setup-private
   - mounted/unmounted
   - logged out, mounted/unmounted
   - rebooted, mounted/unmounted

:-Dustin

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ecryptfs-utils - 53-1ubuntu11

---------------
ecryptfs-utils (53-1ubuntu11) intrepid; urgency=low

  * debian/patches/55_check_password_and_remove_from_proc.dpatch:
    Fix ecryptfs-add-passphrase and ecryptfs-wrap-passphrase to take
    passphrases on standard, to protect from disclosure on the process
    table; fix callers in ecryptfs-setup-private (LP: #287908).
    Validate that the user password is correct with unix_chkpwd (LP: #287906).
  * debian/patches/00list: updated accordingly

 -- Dustin Kirkland <email address hidden> Thu, 23 Oct 2008 12:53:30 -0500

Changed in ecryptfs-utils:
status: In Progress → Fix Released
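
Added example (not part of the bug report, and not the ecryptfs-utils patch): a shell sketch of the check the report asks for, where two matching entries are not accepted until unix_chkpwd confirms them against the account. The function names, the CHKPWD override and the return codes are hypothetical; the "nullok" argument and the NUL-terminated password on stdin are the pam_unix helper's interface as assumed here.

```shell
#!/bin/sh
# Added example, not code from ecryptfs-utils.
# CHKPWD is a hypothetical override so the check can be pointed at a stub
# in tests; by default it runs the setuid helper shipped with pam_unix.
CHKPWD="${CHKPWD:-unix_chkpwd}"

# confirm_login_pass USER FIRST SECOND
# Returns 0 = verified, 1 = entries differ, 2 = empty, 3 = helper rejected.
confirm_login_pass() {
    user="$1"; first="$2"; second="$3"
    [ -n "$first" ] || return 2
    [ "$first" = "$second" ] || return 1
    # Two matching entries only prove the same string was typed twice.
    # The helper is given the password, NUL-terminated, on stdin and decides
    # whether it is the account's real password (assumed interface).
    # printf is a builtin in dash and bash, so the secret never appears in
    # a process argument list.
    printf '%s\0' "$first" | "$CHKPWD" "$user" nullok >/dev/null 2>&1 || return 3
    return 0
}

# read_secret PROMPT: read one line from the terminal with echo disabled.
read_secret() {
    printf '%s' "$1" >&2
    stty -echo 2>/dev/null
    IFS= read -r secret
    stty echo 2>/dev/null
    printf '\n' >&2
    printf '%s' "$secret"
}

# ask_login_pass USER: prompt up to three times; on success the verified
# password is left in LOGINPASS for the caller to wrap the mount passphrase.
ask_login_pass() {
    user="$1"; tries=0
    while [ "$tries" -lt 3 ]; do
        p1=$(read_secret "Enter your login passphrase: ")
        p2=$(read_secret "Enter your login passphrase (again): ")
        if confirm_login_pass "$user" "$p1" "$p2"; then
            LOGINPASS="$p1"
            return 0
        fi
        echo "Passphrases differ or do not match the login password" >&2
        tries=$((tries + 1))
    done
    return 1
}
```

When run unprivileged, unix_chkpwd is expected to verify only the invoking user's own password, so USER should be the account running the script.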