Ubuntu
mlocate package

cryfs (& encfs) not prohibited in /etc/updatedb.conf so filenames indexed & visible

Bug #1823518 reported by Brian Foster
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
mlocate (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

The (default) PRUNEFS setting in /etc/updatedb.conf does not contain
either CryFS (fuse.cryfs) or EncFS (<fstype name unknown>). Hence,
the unencrypted filenames (at least) contained within any _mounted_
CryFS/EncFS filesystem will be indexed by updatedb(5), and visible
to essentially everyone by mlocate(1). That is, the names of files
within an encrypted vault can "leak". This may not be desirable;
at the least then, perhaps, the manual page(s) should warn of the
possibility.

Obviously, similar problems may apply to other tools (such as, but not
limited to, glimpse(1) and KDE's baloo), some of which can also index
the contents of files contained within an encrypted vault---clearly a
worse problem. However, the locate tools are, are as far as I'm aware,
much more commonly-installed.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: mlocate 0.26-2ubuntu3.1
ProcVersionSignature: Ubuntu 4.15.0-47.50-generic 4.15.18
Uname: Linux 4.15.0-47-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: amd64
CurrentDesktop: KDE
Date: Sun Apr 7 11:59:27 2019
InstallationDate: Installed on 2016-10-07 (912 days ago)
InstallationMedia: Kubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
SourcePackage: mlocate
UpgradeStatus: Upgraded to bionic on 2018-08-18 (232 days ago)
modified.conffile..etc.updatedb.conf:
 # updatedb.conf(5) — a configuration file for updatedb(8)
 PRUNE_BIND_MOUNTS="yes"
 # PRUNENAMES=".git .bzr .hg .svn"
 PRUNEPATHS="/tmp /var/spool /media /var/lib/os-prober /var/lib/ceph /home/.ecryptfs /var/lib/schroot /home/blf/.SiriKali /home/blf/Vaults"
 PRUNEFS="NFS nfs nfs4 rpc_pipefs afs binfmt_misc proc smbfs autofs iso9660 ncpfs coda devpts ftpfs devfs devtmpfs fuse.mfs shfs sysfs cifs lustre tmpfs usbfs udf fuse.glusterfs fuse.sshfs curlftpfs ceph fuse.ceph fuse.rozofs ecryptfs fusesmb fuse.cryfs"
mtime.conffile..etc.updatedb.conf: 2019-04-07T11:36:52.592187

Revision history for this message
Brian Foster (blfoster) wrote :
Revision history for this message
Brian Foster (blfoster) wrote :

N.b. The automatically-added (by apport-bug(1)) /etc/updatedb.conf in
     this problem report has been modified by me to exclude both CryFS
     vaults, and also (as an additional precaution), some typically-used
     (by me) mountpoint names.

Revision history for this message
Mike Salvatore (mikesalvatore) wrote :

I think some solution here is needed. There are a lot of encrypted filesystems, and I don't think the /etc/updatedb.conf file should be a curated list of those. Given that both CryFS and EncFS are packaged in Ubuntu, I think it's reasonable that they should be in covered by /etc/updatedb.conf.

information type: Private Security → Public Security
Changed in mlocate (Ubuntu):
status: New → Confirmed
Brian Murray (brian-murray)
Changed in mlocate (Ubuntu):
importance: Undecided → Medium
Francis Ginther (fginther)
tags: added: id-5cb7af6c07a62376bef729f3
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mlocate - 0.26-3ubuntu3

---------------
mlocate (0.26-3ubuntu3) eoan; urgency=medium

  * Generate the database at package install time.
  * Exclude fuse.cryfs and fuse.encfs in updatedb.conf. LP: #1823518.

 -- Steve Langasek <email address hidden> Tue, 16 Jul 2019 15:18:58 -0700

Changed in mlocate (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.