[Bug 936822] Re: ureadahead Caches eCryptfs Filesystem Contents
Githlar
936822 at bugs.launchpad.net
Wed Mar 7 08:40:49 UTC 2012
** Description changed:
If you have autologin enabled or you're just a fast typist, ureadahead
has the potential to cache pieces and whole filenames of files in an
eCryptfs filesystem. This is a potential security vulnerability as it
could theoretically provide a cryptanalyst vital pieces of plaintext
data to break the filesystem encryption. It's a big "if" but it's
possible.
- I have attached a patch for /etc/init/ureadahead-other.conf to prevent
- the caching of eCryptfs filesystems.
+ My previous patch is incorrect. Turns out my ureadahead broke somehow,
+ so I thought it was working when it really wasn't.
+
+ The actual problem lies not in /etc/init/ureadahead-other.conf, but in
+ /etc/init/ureadahead.conf. I ended up adding a `post-stop script`
+ section to `wipe` the file after it has been written. But, ideally, the
+ file should never be written at all.
+
+ From what I gathered, ureadahead determines what it should cache by
+ actual system devices, rather than mount points as I had suspected. The
+ problem with this is that eCryptfs mounts
+ /home/.ecryptfs/[user]/.ecryptfs which exists on the same device as /.
+ So, ureadahead assumes that it should cache all these files on the root
+ device (which obviously include /home/.ecryptfs/[user]/.ecryptfs) when
+ invoked as `ureadahead --daemon` as in the /etc/init/ureadahead.conf
+ file.
+
+ The ideal fix to this bug would be either a config file or a parameter
+ for ureadahead that allows excluding of certain paths within a device's
+ filesystem. I would assume this would be possible as ureadahead writes
+ the whole filenames into its pack files.
+
+ I have retracted my patch.
** Patch removed: "ureadahead-other.diff"
https://bugs.launchpad.net/ubuntu/+source/ureadahead/+bug/936822/+attachment/2761312/+files/ureadahead-other.diff
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ureadahead in Ubuntu.
https://bugs.launchpad.net/bugs/936822
Title:
ureadahead Caches eCryptfs Filesystem Contents
Status in “ureadahead” package in Ubuntu:
New
Bug description:
If you have autologin enabled or you're just a fast typist, ureadahead
has the potential to cache pieces and whole filenames of files in an
eCryptfs filesystem. This is a potential security vulnerability as it
could theoretically provide a cryptanalyst vital pieces of plaintext
data to break the filesystem encryption. It's a big "if" but it's
possible.
My previous patch is incorrect. Turns out my ureadahead broke somehow,
so I thought it was working when it really wasn't.
The actual problem lies not in /etc/init/ureadahead-other.conf, but in
/etc/init/ureadahead.conf. I ended up adding a `post-stop script`
section to `wipe` the file after it has been written. But, ideally,
the file should never be written at all.
From what I gathered, ureadahead determines what it should cache by
actual system devices, rather than mount points as I had suspected.
The problem with this is that eCryptfs mounts
/home/.ecryptfs/[user]/.ecryptfs which exists on the same device as /.
So, ureadahead assumes that it should cache all these files on the
root device (which obviously include /home/.ecryptfs/[user]/.ecryptfs)
when invoked as `ureadahead --daemon` as in the
/etc/init/ureadahead.conf file.
The ideal fix to this bug would be either a config file or a parameter
for ureadahead that allows excluding of certain paths within a
device's filesystem. I would assume this would be possible as
ureadahead writes the whole filenames into its pack files.
I have retracted my patch.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ureadahead/+bug/936822/+subscriptions
More information about the foundations-bugs
mailing list