Comment 2 for bug 1470030
Revision history for this message
| Tyler Hicks (tyhicks) wrote Re: ecryptfs - encrypted home dir files visible to others | #2 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Hello and thanks for the bug report!
There is no possible way to prevent root from reading your encrypted files once you've performed an eCryptfs mount. The mount encryption key, derived from your login password, has been stored in memory that root can access. The file contents are decrypted, upon applications performing read() operations, and stored in the memory of userspace processes and in the kernel page cache. Root can access both of those areas of memory.
When you use eCryptfs on a system, you are fully trusting that the admins of that system will not save off your key or read your file contents from memory. There is simply no way around it.
However, it sounds like you may have discovered a bug in the unmounting logic of the encrypted home directory. I'll see if I can detect a change of behaviour between releases. Thanks!