[Bug 260346] [NEW] ecryptfs-setup-private should check that Private and .Private are empty
Launchpad Bug Tracker
260346 at bugs.launchpad.net
Thu Feb 17 09:20:10 UTC 2011
You have been subscribed to a public bug by Daniel Holbach (dholbach):
Binary package hint: ecryptfs-utils
ecryptfs-setup-private should check that Private and .Private are empty
before setting up.
If data already exists in ~/Private, and pam_ecryptfs regularly performs
a mount on top of it, then the that data would be hidden from view, and
not encrypted (as the user might expect).
If data already exists in ~/.Private, then that's likely encrypted data,
which will probably not be readable once we generate a new mounting
passphrase, etc.
Thus, we need to stop ecryptfs-setup-private and tell the user to clear
out those directories before proceeding.
*** Note, it would be very nice to provide a utility to "encrypt" the
existing data in place, in an existing Private directory. Would could
uses something like "rsync -a" to copy the data to a tempdir, perform
the ecryptfs mount, and then sync the data back into place. However,
all sorts of race conditions could occur, with other processes
potentially reading/writing data during the "encryption migration"--a
much harder problem to solve than it initially seems.
:-Dustin
** Affects: ecryptfs-utils (Ubuntu)
Importance: Medium
Assignee: Dustin Kirkland (kirkland)
Status: Fix Released
--
ecryptfs-setup-private should check that Private and .Private are empty
https://bugs.launchpad.net/bugs/260346
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is a direct subscriber.
More information about the Ubuntu-sponsors
mailing list