encrypted home-directory is not unmounted on logout

Bug #1734541 reported by Jojo on 2017-11-26
300
This bug affects 10 people
Affects Status Importance Assigned to Milestone
gnome-session
New
Undecided
Unassigned
ecryptfs-utils (Debian)
Fix Released
Unknown
ecryptfs-utils (Ubuntu)
Undecided
Unassigned
gdm3 (Ubuntu)
Medium
Unassigned
gnome-session (Ubuntu)
Medium
Unassigned

Bug Description

Current Situation:

If you log out from an user account with an encrypted home directory, it is not automatically unmounted and encrypted again.

Expected behaviour:

If I log out from an user account with an encrypted home directory, Id expect the homedir to be unmounted and encrypted again.
Stepts to reproduce:

    log into an account with encrypted home directory. (lets call it: user)
    Log out again
    log into another account (which has sudo rights, lets call it: user2)

and now enter the following into a terminal:

user2@ubuntu: sudo su
user2@ubuntu: ls -la /home/user

you can see the files of the user

Reasons:
This is a security issue, because as a user you can reasonable expect your data to be safe, if you log out. if you would simply log in as another user but keep your data accessable you would simply switch user, instead of loggin out.
Many users only suspend their laptop while carrying it with them. Logging out and suspending the user expects to have at least the home directory encrypted.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: gdm3 3.26.1-3ubuntu2
ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
Uname: Linux 4.13.0-16-generic x86_64
ApportVersion: 2.20.7-0ubuntu3
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Nov 26 16:18:39 2017
EcryptfsInUse: Yes
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)

Jojo (derdiedasjojo) wrote :
information type: Public → Public Security
Changed in gdm3 (Ubuntu):
importance: Undecided → Medium
Changed in gnome-session (Ubuntu):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in gdm3 (Ubuntu):
status: New → Confirmed
Changed in gnome-session (Ubuntu):
status: New → Confirmed

I confirm this issue is affecting me too.

Sorry, this are my system specs:

Ubuntu 18.04 LTS amd64
GNOME Shell desktop
Ecryptfs IN USE
kernel Linux 4.15.0-22-generic x86_64

Ich bin ebenfalls davon betroffen.
I confirm this issue is affecting me too.

Das ist mein System:
This are my system:

Linux Mint 19 (Beta) 64Bit - based on Ubuntu 18.04
Cinnamon 3.8.4
Ecryptfs in use (Home - directory)
kernel 4.15.0-22-generic x86_64

Wes (wesinator) on 2018-08-20
tags: added: bionic
Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
Mikko Rantalainen (mira) wrote :

Still happens with Ubuntu LTS 18.04. I can provide additional info if needed.

Jarno Suni (jarnos) wrote :

The bug seems to be present in 16.04.5, too.

tags: added: xenial
removed: artful
dronus (paul-geisler) wrote :

Still an issue as of today 2020-04-13, for Ubuntu 18.04.

Please set this critical immediately, this is a strong security issue for the use case of multiuser device!

Using a "guest" user to share your device with others is a quite common use case. Everyone would expect that logging out and pass the device to another person would benefit from a eCrypt FS user homdedir setup.

I myself usually log out and set my device to standby on a daily routine. That has me left unprotected by a while now it seems. I usually log out when taking the laptop to unsafe spaces like traveling, conferences and events in public spaces etc. I had expected that logging out would keep my data safe to some level.

As this is a regression too, many already adapted to logout-is-safe behaviour.

dronus (paul-geisler) wrote :

Also don't rely on the "affects me" counter above, as for non-power-users this bug is subtle and undetectable in most cases, leaving them unsafe without knowledge.

Changed in ecryptfs-utils (Debian):
status: Unknown → New
affects: gnome-session-shutdown → gnome-session
Dave J (bigcus) wrote :

Note this was also reported in bug 1637710 back in 2016

tags: removed: xenial
Changed in ecryptfs-utils (Debian):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.