2015-06-30 09:20:31 |
Spasov2015 |
bug |
|
|
added bug |
2015-07-14 13:25:14 |
Spasov2015 |
information type |
Private Security |
Public |
|
2015-07-15 08:47:14 |
Spasov2015 |
description |
http://askubuntu.com/questions/641451/what-is-the-expected-behaviour-for-ecryptfs
I am relatively new GNU/Linux user and currently use Xubuntu 14.04 LTS. I have my main user and I also enabled root account (but not used it and root password is setup).
I am interested in ecryptfs and read lots of articles including these:
http://www.linux-mag.com/id/7568/
Is my encrypted home folder open to other users when I am logged in? > http://askubuntu.com/questions/82538/is-my-encrypted-home-folder-open-to-other-users-when-i-am-logged-in
Why encrypted $HOME files showing to root, how to make it hidden again? > http://askubuntu.com/questions/59381/why-encrypted-home-files-showing-to-root-how-to-make-it-hidden-again
I decided to perform several tests on VM (VirtualBox). I guess what I found must be some bug - security related as this could expose encrypted data to the root user.
Tested:
Ubuntu GNOME 15.04 - desktop i386
Lubuntu 15.04 - desktop i386
Xubuntu 14 LTS - 14.04.2 - desktop amd64
How do I test:
Installation - default with option to encrypt Home folder during installation
I enable root account and create password (http://askubuntu.com/questions/44418/how-to-enable-root-login)
What happens on all of them: I shutdown the machine. Start it. If I first login with root, root cannot see my user's HOME folder/files/ they are encrypted.
* However, what happens on Ubuntu 15 and Lubuntu 15:
If I login to my user, check files, then log off fully, eventually login with root, root can see my user's files. This should be fine if understand correctly the articles above? Or no? If the user's account is logged off, should root still be able to read the files of other users?
* What happens on Xubuntu 14 LTS:
If I login to my user, then I log off, eventually login with root, root CANNOT read my user's home dir/files. No matter how I tries it, if root first, or user first, If the user is logged off, root cannot read the files of my user?
So, what is really the expected behavior? Is this a bug in v15 ?
I can replicate this very easily and with no problem. I really appreciate everyone's opinion and expert words. Thank you! |
I am relatively new GNU/Linux user and currently use Xubuntu 14.04 LTS. I have my main user and I also enabled root account (but not used it and root password is setup).
I am interested in ecryptfs and read lots of articles including these:
http://www.linux-mag.com/id/7568/
Is my encrypted home folder open to other users when I am logged in? > http://askubuntu.com/questions/82538/is-my-encrypted-home-folder-open-to-other-users-when-i-am-logged-in
Why encrypted $HOME files showing to root, how to make it hidden again? > http://askubuntu.com/questions/59381/why-encrypted-home-files-showing-to-root-how-to-make-it-hidden-again
I decided to perform several tests on VM (VirtualBox). I guess what I found must be some bug - security related as this could expose encrypted data to the root user.
Tested:
Ubuntu GNOME 15.04 - desktop i386
Ubuntu MATE 15.04 - desktop i386
Lubuntu 15.04 - desktop i386
Xubuntu 14 LTS - 14.04.2 - desktop amd64
How do I test:
Installation - default with option to encrypt Home folder during installation
I enable root account and create password (http://askubuntu.com/questions/44418/how-to-enable-root-login)
What happens on all of them: I shutdown the machine. Start it.
If I first login with root, root cannot see my user's HOME folder/files/ they are encrypted.
* However, what happens on Ubuntu 15 and Lubuntu 15:
If I login to my user, check files, then log off fully, eventually login with root, root can see my user's files. This should be fine if understand correctly the articles above? Or no? If the user's account is logged off, should root still be able to read the files of other users?
* What happens on Xubuntu 14 LTS:
If I login to my user, then I log off, eventually login with root, root CANNOT read my user's home dir/files. No matter how I tries it, if root first, or user first, If the user is logged off, root cannot read the files of my user?
So, what is really the expected behavior? Is this a bug in v15 ?
I can replicate this very easily and with no problem. I really appreciate everyone's opinion and expert words. Thank you! |
|
2015-07-17 17:55:21 |
Tyler Hicks |
summary |
ecryptfs - encrypted home dir files visible to others |
encrypted home is not being unmounted upon logout |
|
2015-07-17 17:55:53 |
Tyler Hicks |
bug task added |
|
ecryptfs-utils (Ubuntu) |
|
2015-07-17 17:59:40 |
Tyler Hicks |
ecryptfs-utils (Ubuntu): importance |
Undecided |
Medium |
|
2015-07-17 17:59:40 |
Tyler Hicks |
ecryptfs-utils (Ubuntu): status |
New |
Confirmed |
|
2015-07-17 17:59:48 |
Tyler Hicks |
ecryptfs: status |
New |
Confirmed |
|
2015-07-17 17:59:50 |
Tyler Hicks |
ecryptfs: importance |
Undecided |
Medium |
|
2015-07-17 18:24:09 |
Tyler Hicks |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765854 |
|
2015-07-17 18:24:09 |
Tyler Hicks |
bug task added |
|
ecryptfs-utils (Debian) |
|
2015-07-17 19:43:51 |
Bug Watch Updater |
ecryptfs-utils (Debian): status |
Unknown |
New |
|
2015-12-14 17:10:47 |
dllud |
bug |
|
|
added subscriber David Ludovino |
2016-02-13 00:23:28 |
Terry Burton |
bug |
|
|
added subscriber Terry Burton |
2016-04-03 09:02:41 |
doeus |
description |
I am relatively new GNU/Linux user and currently use Xubuntu 14.04 LTS. I have my main user and I also enabled root account (but not used it and root password is setup).
I am interested in ecryptfs and read lots of articles including these:
http://www.linux-mag.com/id/7568/
Is my encrypted home folder open to other users when I am logged in? > http://askubuntu.com/questions/82538/is-my-encrypted-home-folder-open-to-other-users-when-i-am-logged-in
Why encrypted $HOME files showing to root, how to make it hidden again? > http://askubuntu.com/questions/59381/why-encrypted-home-files-showing-to-root-how-to-make-it-hidden-again
I decided to perform several tests on VM (VirtualBox). I guess what I found must be some bug - security related as this could expose encrypted data to the root user.
Tested:
Ubuntu GNOME 15.04 - desktop i386
Ubuntu MATE 15.04 - desktop i386
Lubuntu 15.04 - desktop i386
Xubuntu 14 LTS - 14.04.2 - desktop amd64
How do I test:
Installation - default with option to encrypt Home folder during installation
I enable root account and create password (http://askubuntu.com/questions/44418/how-to-enable-root-login)
What happens on all of them: I shutdown the machine. Start it.
If I first login with root, root cannot see my user's HOME folder/files/ they are encrypted.
* However, what happens on Ubuntu 15 and Lubuntu 15:
If I login to my user, check files, then log off fully, eventually login with root, root can see my user's files. This should be fine if understand correctly the articles above? Or no? If the user's account is logged off, should root still be able to read the files of other users?
* What happens on Xubuntu 14 LTS:
If I login to my user, then I log off, eventually login with root, root CANNOT read my user's home dir/files. No matter how I tries it, if root first, or user first, If the user is logged off, root cannot read the files of my user?
So, what is really the expected behavior? Is this a bug in v15 ?
I can replicate this very easily and with no problem. I really appreciate everyone's opinion and expert words. Thank you! |
Tested:
(ok) Xubuntu 14 LTS - 14.04.2 - desktop amd64
(bug) Ubuntu GNOME 15.04 - desktop i386
(bug) Ubuntu MATE 15.04 - desktop i386
(bug) Lubuntu 15.04 - desktop i386
(bug) Xubuntu 16.04 (fully upgraded on 2016-04-03T10:56:53+02:00) - amd64
How do I test:
Installation - default with option to encrypt Home folder during installation
I shutdown the machine. Start it.
If I first login with root, root cannot see my user's HOME folder/files/ they are encrypted.
* However, what happens on Ubuntu 15.04 and 16.04 (bug):
If I login to my user, check files, then log off fully, eventually login with root, root can see my user's files because /home/_user_/.Private is still mounted.
* What happens on Xubuntu 14.04 (expected behaviour):
If I login to my user, then I log off, eventually login with root, root CANNOT read my user's home dir/files.
I can replicate this very easily and with no problem. I really appreciate everyone's opinion and expert words. Thank you! |
|
2016-05-19 18:21:59 |
cetaceanthropologia |
bug |
|
|
added subscriber cetaceanthropologia |
2016-05-20 08:55:02 |
doeus |
affects |
ecryptfs-utils (Ubuntu) |
systemd (Ubuntu) |
|
2016-06-05 19:57:59 |
Martin Pitt |
summary |
encrypted home is not being unmounted upon logout |
"gpg-agent --daemon" stays after login, causing ecryptfs to not get unmounted |
|
2016-06-05 19:58:06 |
Martin Pitt |
affects |
systemd (Ubuntu) |
gnupg2 (Ubuntu) |
|
2017-01-03 10:52:58 |
Dimitri John Ledkov |
gnupg2 (Ubuntu): assignee |
|
Dimitri John Ledkov (xnox) |
|
2017-01-03 10:53:03 |
Dimitri John Ledkov |
gnupg2 (Ubuntu): milestone |
|
ubuntu-17.02 |
|
2017-01-08 05:08:21 |
Max |
bug |
|
|
added subscriber Max |
2017-02-23 08:07:02 |
Luc Langehegermann |
bug |
|
|
added subscriber Luc Langehegermann |
2021-02-25 07:46:08 |
Bug Watch Updater |
ecryptfs-utils (Debian): status |
New |
Fix Released |
|