eCryptfs

Merge lp:~nobuto/ecryptfs/verify-wrapped-passphrase into lp:ecryptfs

  1. verify-wrapped-passphrase
  2. Merge into trunk
Proposed by Nobuto Murata
Status: Needs review
Proposed branch: lp:~nobuto/ecryptfs/verify-wrapped-passphrase
Merge into: lp:ecryptfs
Diff against target: 62 lines (+20/-1)
2 files modified
debian/changelog (+3/-1)
src/utils/ecryptfs-verify (+17/-0)
To merge this branch: bzr merge lp:~nobuto/ecryptfs/verify-wrapped-passphrase
Reviewer Review Type Date Requested Status
eCryptfs Pending
Review via email: mp+153846@code.launchpad.net

Description of the change

currently ecryptfs-verify script does not check permission of wrapped-passphrase.

This branch checks existence and permission of wrapped-passphrase.

one possible situation of mistaken permission of wrapped-passphrase is:
 * a user forgot his/her password
 * an admin reset user's login password
 * the admin also created new wrapped-passphrase with stored passphrase and new password by ecryptfs-wrap-passphrase
 * the admin forgot to change permission and left owner of wrapped-passphrase as root:root

then the user cannot read wrapped-passphrase and fails to mount ecryptfs.

To post a comment you must log in.

Unmerged revisions

776. By Nobuto Murata

src/utils/ecryptfs-verify: check existence and permission of
wrapped-passphrase (LP: #1156672)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2013-03-13 18:17:04 +0000
3+++ debian/changelog 2013-03-18 15:47:24 +0000
4@@ -9,6 +9,8 @@
5 [ Nobuto MURATA ]
6 * fix an empty update-notifier window (LP: #1107650)
7 - changes made in Rev.758 was incomplete
8+ * src/utils/ecryptfs-verify: check existence and permission of
9+ wrapped-passphrase (LP: #1156672)
10
11 [ Tyler Hicks ]
12 * doc/manpage/ecryptfs.7:
13@@ -16,7 +18,7 @@
14 mount helper takes a capital 'N' for the answer to y/n questions
15 (LP: #1130460)
16
17- -- Nobuto MURATA <nobuto@ubuntu.com> Thu, 21 Feb 2013 01:56:33 +0900
18+ -- Nobuto MURATA <nobuto@ubuntu.com> Tue, 19 Mar 2013 00:41:03 +0900
19
20 ecryptfs-utils (103) quantal; urgency=low
21
22
23=== modified file 'src/utils/ecryptfs-verify'
24--- src/utils/ecryptfs-verify 2011-09-21 16:55:08 +0000
25+++ src/utils/ecryptfs-verify 2013-03-18 15:47:24 +0000
26@@ -118,6 +118,21 @@
27 fi
28 }
29
30+wrapped_passphrase_valid() {
31+ local w="$1/.ecryptfs/wrapped-passphrase"
32+ if [ -e "$w" ]; then
33+ info "[$w] exists"
34+ else
35+ error "[$w] does not exist"
36+ fi
37+ local owner=$(stat -c "%U" "$w")
38+ if [ "$owner" = "$user" ]; then
39+ info "Ownership [$owner] of [$w] is correct"
40+ else
41+ error "Invalid owner [$owner] of [$w]"
42+ fi
43+}
44+
45 mount_is_home() {
46 local home="$1"
47 local mountfile="$home/.ecryptfs/Private.mnt"
48@@ -218,12 +233,14 @@
49 mountfile_valid "$home"
50 automount_true "$home"
51 mount_is_home "$home"
52+ wrapped_passphrase_valid "$home"
53 ;;
54 check_private)
55 ecryptfs_exists "$home"
56 sigfile_valid "$home"
57 mountfile_valid "$home"
58 mount_is_private "$home"
59+ wrapped_passphrase_valid "$home"
60 ;;
61 check_filenames_encrypted)
62 ecryptfs_exists "$home"

Subscribers

People subscribed via source and target branches