Ubuntu
ecryptfs-utils package

Access-Your-Private-Data.desktop is not executable

Bug #936093 reported by Tony Mugan
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ecryptfs-utils (Ubuntu)
Fix Released
Low
Dustin Kirkland 

Bug Description

The desktop shortcut is not executable in Precise Pangolin.

While it is possible to successfully run ecryptfs-mount-private to mount the Private folder, the desktop shortcut gives an error indicating that this is an "Untrusted application launcher".

See the permissions marked below.

tony@tony-precise:~$ ls -al /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop
-rw-r--r-- 1 root root 220 Feb 17 07:43 /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop

Of course for most situations the Private will automount on login anyway and the shortcut does not matter, but when coupled with likewise-open, the automount is not working and the desktop shortcut is handy.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: ecryptfs-utils 96-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-17.26-generic 3.2.6
Uname: Linux 3.2.0-17-generic x86_64
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
Date: Sun Feb 19 21:54:45 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Alpha amd64 (20111129.1)
ProcEnviron:
 LANGUAGE=en_AU:en
 PATH=(custom, no user)
 LANG=en_AU.UTF-8
 SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to precise on 2012-01-27 (22 days ago)

CVE References

Revision history for this message
Tony Mugan (tmugan) wrote :
Revision history for this message
Wesley Wiedenmeier (magicalchicken-deactivatedaccount) wrote :

The problem is the permissions on the .desktop file do not include execute permissions. A quick and easy solution for you would be to run "sudo chmod a+x /usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop". When the .deb is downloaded and extracted, the file in usr/share/ecryptfs-utils/ecryptfs-mount-private.desktop has no execute permissions for any users, where it should have execute permissions for all users.

Changed in ecryptfs-utils (Ubuntu):
status: New → Confirmed
Dustin Kirkland  (kirkland)
Changed in ecryptfs-utils (Ubuntu):
status: Confirmed → In Progress
importance: Undecided → Low
assignee: nobody → Dustin Kirkland (kirkland)
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ecryptfs-utils - 99-0ubuntu1

---------------
ecryptfs-utils (99-0ubuntu1) quantal; urgency=low

  [ Dustin Kirkland ]
  * debian/ecryptfs-utils.postinst: LP: #936093
    - ensure desktop file is executable
  * precise

  [ Wesley Wiedenmeier ]
  * src/utils/mount.ecryptfs.c: LP: #329264
    - remove old hack, that worked around a temporary kernel regression;
      ensure that all mount memory is mlocked

  [ Sebastian Krahmer ]
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #732614
    - drop group privileges in the same places that user privileges are
      dropped
    - check return status of setresuid() calls and return if they fail
    - drop privileges before checking for the existence of
      ~/.ecryptfs/auto-mount to prevent possible file existence leakage
      by a symlink to a path that typically would not be searchable by
      the user
    - drop privileges before reading salt from the rc file to prevent the
      leakage of root's salt and, more importantly, using the incorrect salt
    - discovered, independently, by Vasiliy Kulikov and Sebastian Krahmer
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #1020904
    - after dropping privileges, clear the environment before executing the
      private eCryptfs mount helper
    - discovered by Sebastian Krahmer
  * src/utils/mount.ecryptfs_private.c: LP: #1020904
    - do not allow private eCryptfs mount aliases to contain ".." characters
      as a preventative measure against a crafted file path being used as an
      alias
    - force the MS_NOSUID mount flag to protect against user controlled lower
      filesystems, such as an auto mounted USB drive, that may contain a
      setuid-root binary
      + CVE-2012-3409
    - force the MS_NODEV mount flag
    - after dropping privileges, clear the environment before executing umount
    - discovered by Sebastian Krahmer

  [ Tyler Hicks ]
  * src/libecryptfs/key_management.c: LP: #732614
    - zero statically declared buffers to prevent the leakage of stack
      contents in the case of a short file read
    - discovered by Vasiliy Kulikov
  * src/libecryptfs/module_mgr.c, src/pam_ecryptfs/pam_ecryptfs.c:
    - fix compiler warnings
 -- Dustin Kirkland <email address hidden> Fri, 13 Jul 2012 09:52:36 -0500

Changed in ecryptfs-utils (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.