Activity log for bug #1663084

Date Who What changed Old value New value Message
2017-02-09 01:13:09 Taylor Raack bug added bug
2017-02-09 01:18:34 Taylor Raack description I've recently found that encfs converts absolute symlinks into relative symlinks, which isn't good. To reproduce: # remove old runs rm -rf /tmp/source fusermount -u /tmp/decrypted fusermount -u /tmp/encrypted # setup mkdir -p /tmp/source /tmp/encrypted /tmp/decrypted ln -s /etc/linkedfile /tmp/source/absolute-link # encrypt /tmp/source into /tmp/encrypted encfs --standard --reverse -o ro /tmp/source /tmp/encrypted # decrypt /tmp/encrypted into /tmp/decrypted ENCFS6_CONFIG=/tmp/source/.encfs6.xml encfs --standard /tmp/encrypted /tmp/decrypted echo "Now see how the absolute symlink in the source directory (absolute-link -> /etc/linkedfile) has been turned into a relative symlink in the decrypted directory (absolute-link -> /etc/linkedfile)..." echo "" echo "Source directory list (see symlink is absolute)" ls -al /tmp/source echo "" echo "Encrypted directory list" ls -al /tmp/encrypted echo "" echo "Decrypted directory list (see symlink has been mangled into a relative link, rather than an absolute link)" ls -al /tmp/decrypted This will show: Creating new encrypted volume. Standard configuration selected. --reverse specified, not using unique/chained IV Configuration finished. The filesystem to be created has the following properties: Filesystem cipher: "ssl/aes", version 3:0:2 Filename encoding: "nameio/block", version 3:0:1 Key Size: 192 bits Block Size: 1024 bytes File holes passed through to ciphertext. Now you will need to enter a password for your filesystem. You will need to remember this password, as there is absolutely no recovery mechanism. However, the password can be changed later using encfsctl. New Encfs Password: Verify Encfs Password: EncFS Password: Now see how the absolute symlink in the source directory (absolute-link -> /etc/linkedfile) has been turned into a relative symlink in the decrypted directory (absolute-link -> /etc/linkedfile)... Source directory list (see symlink is absolute) total 2160 drwx------ 2 traack dialout 4096 Jan 23 21:03 . drwxrwxrwt 18 root root 2199552 Jan 23 21:03 .. lrwxrwxrwx 1 traack dialout 15 Jan 23 21:03 absolute-link -> /etc/linkedfile -rw------- 1 traack dialout 1078 Jan 23 21:03 .encfs6.xml Encrypted directory list ls: /tmp/encrypted/F1eFQbB,bUUGPNt3WInPxLmu: No such file or directory total 2160 drwx------ 2 traack dialout 4096 Jan 23 21:03 . drwxrwxrwt 18 root root 2199552 Jan 23 21:03 .. lrwxrwxrwx 1 traack dialout 49 Jan 23 21:03 F1eFQbB,bUUGPNt3WInPxLmu -> w4VeHU6C9a23mKMup7sCS7rW/ZFJ1rQnkGjx,FD-nkHTx5ZYP -rw------- 1 traack dialout 1078 Jan 23 21:03 OdLgnM7TBEPG0naHpgxKJLvE Decrypted directory list (see symlink has been mangled into a relative link, rather than an absolute link) ls: /tmp/decrypted/absolute-link: No such file or directory total 2160 drwx------ 2 traack dialout 4096 Jan 23 21:03 . drwxrwxrwt 18 root root 2199552 Jan 23 21:03 .. lrwxrwxrwx 1 traack dialout 14 Jan 23 21:03 absolute-link -> etc/linkedfile -rw------- 1 traack dialout 1078 Jan 23 21:03 .encfs6.xml ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: encfs 1.7.4-2.4ubuntu2 ProcVersionSignature: Ubuntu 3.13.0-108.155-generic 3.13.11-ckt39 Uname: Linux 3.13.0-108-generic i686 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.14.1-0ubuntu3.23 Architecture: i386 CurrentDesktop: Unity Date: Wed Feb 8 17:10:15 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2010-07-26 (2389 days ago) InstallationMedia: Ubuntu-Netbook 10.04 "Lucid Lynx" - Release i386 (20100429.4) SourcePackage: encfs UpgradeStatus: Upgraded to trusty on 2014-09-08 (885 days ago) I've recently found that encfs converts absolute symlinks into relative symlinks, which isn't good. [Impact] All users using encfs to encrypt and decrypt absolute symlinks will work correctly, and will not fail silently. [Test Case] # remove old runs rm -rf /tmp/source fusermount -u /tmp/decrypted fusermount -u /tmp/encrypted # setup mkdir -p /tmp/source /tmp/encrypted /tmp/decrypted ln -s /etc/linkedfile /tmp/source/absolute-link # encrypt /tmp/source into /tmp/encrypted encfs --standard --reverse -o ro /tmp/source /tmp/encrypted # decrypt /tmp/encrypted into /tmp/decrypted ENCFS6_CONFIG=/tmp/source/.encfs6.xml encfs --standard /tmp/encrypted /tmp/decrypted echo "Now see how the absolute symlink in the source directory (absolute-link -> /etc/linkedfile) has been turned into a relative symlink in the decrypted directory (absolute-link -> /etc/linkedfile)..." echo "" echo "Source directory list (see symlink is absolute)" ls -al /tmp/source echo "" echo "Encrypted directory list" ls -al /tmp/encrypted echo "" echo "Decrypted directory list (see symlink has been mangled into a relative link, rather than an absolute link)" ls -al /tmp/decrypted This will show: Creating new encrypted volume. Standard configuration selected. --reverse specified, not using unique/chained IV Configuration finished. The filesystem to be created has the following properties: Filesystem cipher: "ssl/aes", version 3:0:2 Filename encoding: "nameio/block", version 3:0:1 Key Size: 192 bits Block Size: 1024 bytes File holes passed through to ciphertext. Now you will need to enter a password for your filesystem. You will need to remember this password, as there is absolutely no recovery mechanism. However, the password can be changed later using encfsctl. New Encfs Password: Verify Encfs Password: EncFS Password: Now see how the absolute symlink in the source directory (absolute-link -> /etc/linkedfile) has been turned into a relative symlink in the decrypted directory (absolute-link -> /etc/linkedfile)... Source directory list (see symlink is absolute) total 2160 drwx------ 2 traack dialout 4096 Jan 23 21:03 . drwxrwxrwt 18 root root 2199552 Jan 23 21:03 .. lrwxrwxrwx 1 traack dialout 15 Jan 23 21:03 absolute-link -> /etc/linkedfile -rw------- 1 traack dialout 1078 Jan 23 21:03 .encfs6.xml Encrypted directory list ls: /tmp/encrypted/F1eFQbB,bUUGPNt3WInPxLmu: No such file or directory total 2160 drwx------ 2 traack dialout 4096 Jan 23 21:03 . drwxrwxrwt 18 root root 2199552 Jan 23 21:03 .. lrwxrwxrwx 1 traack dialout 49 Jan 23 21:03 F1eFQbB,bUUGPNt3WInPxLmu -> w4VeHU6C9a23mKMup7sCS7rW/ZFJ1rQnkGjx,FD-nkHTx5ZYP -rw------- 1 traack dialout 1078 Jan 23 21:03 OdLgnM7TBEPG0naHpgxKJLvE Decrypted directory list (see symlink has been mangled into a relative link, rather than an absolute link) ls: /tmp/decrypted/absolute-link: No such file or directory total 2160 drwx------ 2 traack dialout 4096 Jan 23 21:03 . drwxrwxrwt 18 root root 2199552 Jan 23 21:03 .. lrwxrwxrwx 1 traack dialout 14 Jan 23 21:03 absolute-link -> etc/linkedfile -rw------- 1 traack dialout 1078 Jan 23 21:03 .encfs6.xml [Regression Potential] Likely to be low ----------------------------- ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: encfs 1.7.4-2.4ubuntu2 ProcVersionSignature: Ubuntu 3.13.0-108.155-generic 3.13.11-ckt39 Uname: Linux 3.13.0-108-generic i686 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.14.1-0ubuntu3.23 Architecture: i386 CurrentDesktop: Unity Date: Wed Feb 8 17:10:15 2017 EcryptfsInUse: Yes InstallationDate: Installed on 2010-07-26 (2389 days ago) InstallationMedia: Ubuntu-Netbook 10.04 "Lucid Lynx" - Release i386 (20100429.4) SourcePackage: encfs UpgradeStatus: Upgraded to trusty on 2014-09-08 (885 days ago)