2012-06-05 20:42:45 |
Stefan Beller |
bug |
|
|
added bug |
2012-06-06 23:17:03 |
Tyler Hicks |
bug task added |
|
ecryptfs |
|
2012-06-06 23:17:24 |
Tyler Hicks |
ecryptfs: status |
New |
In Progress |
|
2012-06-06 23:24:34 |
Tyler Hicks |
visibility |
private |
public |
|
2012-06-06 23:24:55 |
Tyler Hicks |
security vulnerability |
yes |
no |
|
2012-06-06 23:25:09 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu) |
|
2012-06-06 23:25:23 |
Tyler Hicks |
linux (Ubuntu): status |
New |
Confirmed |
|
2012-06-06 23:26:45 |
Tyler Hicks |
ecryptfs-utils (Ubuntu): status |
New |
Invalid |
|
2012-06-06 23:26:50 |
Tyler Hicks |
ecryptfs: assignee |
|
Tyler Hicks (tyhicks) |
|
2012-06-06 23:27:48 |
Tyler Hicks |
summary |
ACL not working properly |
Default ACL masks not working properly in eCryptfs |
|
2012-06-06 23:30:14 |
Tyler Hicks |
description |
Originally discovered when installing latest git from original sources,
see discussion here http://marc.info/?t=133882478900001&r=1&w=2
cat /proc/version_signature
Ubuntu 3.2.0-25.40-generic 3.2.18
From the mailing list:
------------------------------------------
OK, here's the _real_ issue. Git creates with mode 0444, which should
still allow read in the mask. But it's the restrictive umask at the top
of the test script that causes the problem. Try this:
setfacl -m m:rwx .
perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)'
umask 077
perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)'
getfacl a b
On ext4, both files will have the read bit set in the mask. On ecryptfs,
"b" will have an empty mask. I think the wrong thing is that we should
not be respecting umask at all when default ACLs are in play, and
ecryptfs is getting that wrong. But I'm having trouble digging up an
authoritative source.
-Peff
---
Reading the withdrawn posix 1003.1e and "man 5 acl", it seems pretty
clear that if a default ACL is present, it should be used, and umask
consulted only if it is not (so the umask should not be making a
difference in this case).
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu9
Architecture: amd64
Date: Tue Jun 5 22:37:36 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-02-18 (108 days ago) |
Originally discovered when installing latest git from original sources,
see discussion here http://marc.info/?t=133882478900001&r=1&w=2
cat /proc/version_signature
Ubuntu 3.2.0-25.40-generic 3.2.18
Test case from Jeff King (the setfacl command was incorrect in the original email from Jeff):
setfacl -dm m:rwx .
perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)'
umask 077
perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)'
getfacl a b
On ext4, both files will have the read bit set in the mask. On ecryptfs,
"b" will have an empty mask.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu9
Architecture: amd64
Date: Tue Jun 5 22:37:36 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-02-18 (108 days ago) |
|
2012-06-06 23:56:16 |
Tyler Hicks |
description |
Originally discovered when installing latest git from original sources,
see discussion here http://marc.info/?t=133882478900001&r=1&w=2
cat /proc/version_signature
Ubuntu 3.2.0-25.40-generic 3.2.18
Test case from Jeff King (the setfacl command was incorrect in the original email from Jeff):
setfacl -dm m:rwx .
perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)'
umask 077
perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)'
getfacl a b
On ext4, both files will have the read bit set in the mask. On ecryptfs,
"b" will have an empty mask.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu9
Architecture: amd64
Date: Tue Jun 5 22:37:36 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-02-18 (108 days ago) |
Originally discovered when installing latest git from original sources,
see discussion here http://marc.info/?t=133882478900001&r=1&w=2
cat /proc/version_signature
Ubuntu 3.2.0-25.40-generic 3.2.18
This bug is exposed when the eCryptfs mount options do not include '-o acl', but the lower filesystem's mount options do include the 'acl'. This results in the MS_POSIXACL flag *not* being set in the eCryptfs super_block.s_flags. This flag is what the VFS checks in do_last() when deciding if the current umask should be applied to a newly created inode's mode or not. When POSIX acl's are in use, the umask is incorrectly applied to new eCryptfs inodes.
Test case from Jeff King (the setfacl command was incorrect in the original email from Jeff):
setfacl -dm m:rwx .
perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)'
umask 077
perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)'
getfacl a b
On ext4, both files will have the read bit set in the mask. On ecryptfs,
"b" will have an empty mask.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu9
Architecture: amd64
Date: Tue Jun 5 22:37:36 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-02-18 (108 days ago) |
|
2012-06-07 00:08:49 |
Tyler Hicks |
description |
Originally discovered when installing latest git from original sources,
see discussion here http://marc.info/?t=133882478900001&r=1&w=2
cat /proc/version_signature
Ubuntu 3.2.0-25.40-generic 3.2.18
This bug is exposed when the eCryptfs mount options do not include '-o acl', but the lower filesystem's mount options do include the 'acl'. This results in the MS_POSIXACL flag *not* being set in the eCryptfs super_block.s_flags. This flag is what the VFS checks in do_last() when deciding if the current umask should be applied to a newly created inode's mode or not. When POSIX acl's are in use, the umask is incorrectly applied to new eCryptfs inodes.
Test case from Jeff King (the setfacl command was incorrect in the original email from Jeff):
setfacl -dm m:rwx .
perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)'
umask 077
perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)'
getfacl a b
On ext4, both files will have the read bit set in the mask. On ecryptfs,
"b" will have an empty mask.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu9
Architecture: amd64
Date: Tue Jun 5 22:37:36 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-02-18 (108 days ago) |
Originally discovered when installing latest git from original sources,
see discussion here http://marc.info/?t=133882478900001&r=1&w=2
This bug is exposed when the eCryptfs mount options do not include '-o acl', but the lower filesystem's mount options do include 'acl'. This results in the MS_POSIXACL flag *not* being set in the eCryptfs super_block.s_flags. This flag is what the VFS checks in do_last() when deciding if the current umask should be applied to a newly created inode's mode or not. When a default POSIX ACL mask is set on a directory, the current umask is incorrectly applied to new inodes created in the directory.
A simple test case was added to the ecryptfs-utils tree in tests/kernel/lp-1009207.sh:
http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/693
Test case from Jeff King (the setfacl command was incorrect in the original email from Jeff):
setfacl -dm m:rwx .
perl -MFcntl -e 'sysopen(X, "a", O_WRONLY|O_CREAT, 0444)'
umask 077
perl -MFcntl -e 'sysopen(X, "b", O_WRONLY|O_CREAT, 0444)'
getfacl a b
On ext4, both files will have the read bit set in the mask. On ecryptfs,
"b" will have an empty mask.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu3
ProcVersionSignature: Ubuntu 3.2.0-25.40-generic 3.2.18
Uname: Linux 3.2.0-25-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu9
Architecture: amd64
Date: Tue Jun 5 22:37:36 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-02-18 (108 days ago) |
|
2012-06-07 00:10:15 |
Tyler Hicks |
removed subscriber Ubuntu Security Team |
|
|
|
2012-06-08 02:35:52 |
Tyler Hicks |
ecryptfs: importance |
Undecided |
Medium |
|
2012-06-12 12:43:23 |
C de-Avillez |
bug |
|
|
added subscriber C de-Avillez |
2012-08-02 20:01:11 |
Tyler Hicks |
ecryptfs: status |
In Progress |
Fix Committed |
|
2012-08-04 02:46:55 |
Tyler Hicks |
ecryptfs: status |
Fix Committed |
Fix Released |
|
2012-08-06 18:24:42 |
Tim Gardner |
nominated for series |
|
Ubuntu Quantal |
|
2012-08-06 18:24:42 |
Tim Gardner |
bug task added |
|
ecryptfs-utils (Ubuntu Quantal) |
|
2012-08-06 18:24:42 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Quantal) |
|
2012-08-06 20:16:37 |
Tim Gardner |
nominated for series |
|
Ubuntu Natty |
|
2012-08-06 20:16:37 |
Tim Gardner |
bug task added |
|
ecryptfs-utils (Ubuntu Natty) |
|
2012-08-06 20:16:37 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Natty) |
|
2012-08-06 20:16:37 |
Tim Gardner |
nominated for series |
|
Ubuntu Oneiric |
|
2012-08-06 20:16:37 |
Tim Gardner |
bug task added |
|
ecryptfs-utils (Ubuntu Oneiric) |
|
2012-08-06 20:16:37 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Oneiric) |
|
2012-08-06 20:16:37 |
Tim Gardner |
nominated for series |
|
Ubuntu Precise |
|
2012-08-06 20:16:37 |
Tim Gardner |
bug task added |
|
ecryptfs-utils (Ubuntu Precise) |
|
2012-08-06 20:16:37 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Precise) |
|
2012-08-06 20:18:59 |
Tim Gardner |
ecryptfs-utils (Ubuntu Natty): status |
New |
Invalid |
|
2012-08-06 20:19:15 |
Tim Gardner |
ecryptfs-utils (Ubuntu Oneiric): status |
New |
Invalid |
|
2012-08-06 20:19:31 |
Tim Gardner |
ecryptfs-utils (Ubuntu Precise): status |
New |
Invalid |
|
2012-08-06 20:19:52 |
Tim Gardner |
linux (Ubuntu Natty): status |
New |
Fix Committed |
|
2012-08-06 20:19:52 |
Tim Gardner |
linux (Ubuntu Natty): assignee |
|
smokeyking (cking) |
|
2012-08-06 20:20:34 |
Tim Gardner |
linux (Ubuntu Natty): assignee |
smokeyking (cking) |
Colin King (colin-king) |
|
2012-08-06 20:20:56 |
Tim Gardner |
linux (Ubuntu Oneiric): status |
New |
Fix Committed |
|
2012-08-06 20:20:56 |
Tim Gardner |
linux (Ubuntu Oneiric): assignee |
|
Colin King (colin-king) |
|
2012-08-06 20:21:18 |
Tim Gardner |
linux (Ubuntu Precise): status |
New |
Fix Committed |
|
2012-08-06 20:21:18 |
Tim Gardner |
linux (Ubuntu Precise): assignee |
|
Colin King (colin-king) |
|
2012-08-06 20:21:35 |
Tim Gardner |
linux (Ubuntu Quantal): status |
Confirmed |
Fix Committed |
|
2012-08-06 20:21:35 |
Tim Gardner |
linux (Ubuntu Quantal): assignee |
|
Tim Gardner (timg-tpi) |
|
2012-08-06 20:21:49 |
Tim Gardner |
nominated for series |
|
Ubuntu Lucid |
|
2012-08-06 20:21:49 |
Tim Gardner |
bug task added |
|
ecryptfs-utils (Ubuntu Lucid) |
|
2012-08-06 20:21:49 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Lucid) |
|
2012-08-06 20:22:07 |
Tim Gardner |
linux (Ubuntu Lucid): status |
New |
In Progress |
|
2012-08-06 20:22:07 |
Tim Gardner |
linux (Ubuntu Lucid): assignee |
|
Tim Gardner (timg-tpi) |
|
2012-08-06 20:22:23 |
Tim Gardner |
ecryptfs-utils (Ubuntu Lucid): status |
New |
Invalid |
|
2012-08-20 12:15:02 |
Colin Ian King |
linux (Ubuntu Lucid): status |
In Progress |
Fix Committed |
|
2012-08-20 18:52:19 |
Tim Gardner |
linux (Ubuntu Quantal): status |
Fix Committed |
Fix Released |
|
2012-08-20 22:54:21 |
Brad Figg |
tags |
amd64 apport-bug precise |
amd64 apport-bug precise verification-needed-oneiric |
|
2012-08-20 22:54:44 |
Brad Figg |
tags |
amd64 apport-bug precise verification-needed-oneiric |
amd64 apport-bug precise verification-needed-lucid verification-needed-oneiric |
|
2012-08-20 22:54:58 |
Brad Figg |
tags |
amd64 apport-bug precise verification-needed-lucid verification-needed-oneiric |
amd64 apport-bug precise verification-needed-lucid verification-needed-natty verification-needed-oneiric |
|
2012-08-21 09:24:40 |
Colin Ian King |
tags |
amd64 apport-bug precise verification-needed-lucid verification-needed-natty verification-needed-oneiric |
amd64 apport-bug precise verification-done-lucid verification-needed-natty verification-needed-oneiric |
|
2012-08-21 09:27:38 |
Colin Ian King |
tags |
amd64 apport-bug precise verification-done-lucid verification-needed-natty verification-needed-oneiric |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-needed-oneiric |
|
2012-08-21 09:30:32 |
Colin Ian King |
tags |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-needed-oneiric |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-done-oneiric |
|
2012-08-21 09:32:33 |
Luis Henriques |
tags |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-done-oneiric |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-done-oneiric verification-needed-precise |
|
2012-08-21 10:04:02 |
Colin Ian King |
tags |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-done-oneiric verification-needed-precise |
amd64 apport-bug precise verification-done-lucid verification-done-natty verification-done-oneiric verification-done-precise |
|
2012-08-21 12:27:39 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/oneiric-proposed/linux-ti-omap4 |
|
2012-08-21 12:27:49 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/linux-ti-omap4 |
|
2012-08-21 12:34:29 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/linux-armadaxp |
|
2012-08-22 03:59:18 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-ec2 |
|
2012-08-29 22:34:09 |
Launchpad Janitor |
linux (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
2012-08-29 22:34:09 |
Launchpad Janitor |
cve linked |
|
2012-3400 |
|
2012-09-04 23:46:10 |
Launchpad Janitor |
linux (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2012-09-05 00:10:15 |
Launchpad Janitor |
linux (Ubuntu Oneiric): status |
Fix Committed |
Fix Released |
|
2012-09-05 00:10:15 |
Launchpad Janitor |
cve linked |
|
2012-2372 |
|
2012-09-05 00:14:09 |
Launchpad Janitor |
linux (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
2012-09-05 00:14:09 |
Launchpad Janitor |
cve linked |
|
2012-0044 |
|
2012-09-05 08:33:10 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-lts-backport-natty |
|
2012-11-14 21:30:44 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/precise-proposed/linux-lowlatency |
|
2013-05-07 17:21:21 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-security/linux-lts-backport-oneiric |
|
2014-01-15 21:39:30 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-updates/linux-lts-backport-oneiric |
|