encrypted home-directory is not unmounted on logout
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gnome-session | New | Undecided | Unassigned | |
ecryptfs-utils (Debian) | New | Unknown | | |
ecryptfs-utils (Ubuntu) | | Undecided | Unassigned | |
gdm3 (Ubuntu) | | Medium | Unassigned | |
gnome-session (Ubuntu) | | Medium | Unassigned | |
Bug Description
Current Situation:
If you log out from a user account with an encrypted home directory, it is not automatically unmounted and encrypted again.
Expected behaviour:
If I log out from a user account with an encrypted home directory, I'd expect the homedir to be unmounted and encrypted again.
Steps to reproduce:
Log into an account with an encrypted home directory (let's call it: user).
Log out again.
Log into another account (which has sudo rights, let's call it: user2)
and now enter the following into a terminal:
user2@ubuntu: sudo su
user2@ubuntu: ls -la /home/user
you can see the files of the user
Reasons:
This is a security issue, because as a user you can reasonably expect your data to be safe if you log out. If you would simply log in as another user but keep your data accessible, you would simply switch user instead of logging out.
Many users only suspend their laptop while carrying it with them. When logging out and suspending, the user expects to have at least the home directory encrypted.
ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: gdm3 3.26.1-3ubuntu2
ProcVersionSign
Uname: Linux 4.13.0-16-generic x86_64
ApportVersion: 2.20.7-0ubuntu3
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sun Nov 26 16:18:39 2017
EcryptfsInUse: Yes
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
XDG_RUNTIME_
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: gdm3
UpgradeStatus: No upgrade log present (probably fresh install)
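A check for the condition this report describes, added here as an example (it is not part of the original report or of ecryptfs-utils): it lists eCryptfs mounts whose user no longer appears in `who`. The function names are hypothetical, the mount table and `who` line are constructed samples, and it assumes the default layout where the home of `<user>` is mounted on `/home/<user>` and that `who` lists the desktop session.

```shell
#!/bin/sh
# Report eCryptfs homes that are still mounted although their user has no session.
# Assumption: default layout, i.e. the home of <user> is mounted on /home/<user>,
# so the last path component of the mount point names the owner.

# ecryptfs_mounts FILE: print "user mountpoint" per ecryptfs line of a
# mount table in /proc/mounts format.
ecryptfs_mounts() {
    awk '$3 == "ecryptfs" { n = split($2, p, "/"); print p[n], $2 }' "$1"
}

# stale_ecryptfs_mounts MOUNTS WHO: MOUNTS as above, WHO holds `who` output
# (user name in column 1). Prints mount points whose user is not logged in.
stale_ecryptfs_mounts() {
    ecryptfs_mounts "$1" | while read -r user mnt; do
        awk -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$2" ||
            printf '%s\n' "$mnt"
    done
}

# Constructed sample: "user" has logged out but /home/user is still mounted;
# "user2" is logged in with an eCryptfs home of their own.
sample_check() {
    d=$(mktemp -d) || return 2
    cat > "$d/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/home/.ecryptfs/user/.Private /home/user ecryptfs rw,nosuid,nodev,relatime 0 0
/home/.ecryptfs/user2/.Private /home/user2 ecryptfs rw,nosuid,nodev,relatime 0 0
EOF
    printf 'user2    tty2         2017-11-26 16:10 (tty2)\n' > "$d/who"
    stale_ecryptfs_mounts "$d/mounts" "$d/who"
    rm -rf "$d"
}

# Live check against this machine: exit status 1 if a stale mount exists.
check_live() {
    w=$(mktemp) || return 2
    who > "$w"
    stale=$(stale_ecryptfs_mounts /proc/mounts "$w")
    rm -f "$w"
    [ -z "$stale" ] && return 0
    printf 'eCryptfs home mounted without a session:\n%s\n' "$stale" >&2
    return 1
}

case "${1:-}" in
    --live) check_live ;;
    --sample) sample_check ;;
esac
```

Run with `--sample` to see the constructed case, or with `--live` from a logout hook or cron job to flag a home directory that stayed mounted.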
Jojo (derdiedasjojo) wrote : | #1 |
information type: | Public → Public Security |
Changed in gdm3 (Ubuntu): | |
importance: | Undecided → Medium |
Changed in gnome-session (Ubuntu): | |
importance: | Undecided → Medium |
Launchpad Janitor (janitor) wrote : | #2 |
Changed in gdm3 (Ubuntu): | |
status: | New → Confirmed |
Changed in gnome-session (Ubuntu): | |
status: | New → Confirmed |
Star Man (starman) wrote : | #4 |
I confirm this issue is affecting me too.
Star Man (starman) wrote : | #5 |
Sorry, these are my system specs:
Ubuntu 18.04 LTS amd64
GNOME Shell desktop
Ecryptfs IN USE
kernel Linux 4.15.0-22-generic x86_64
I confirm this issue is affecting me too.
This is my system:
Linux Mint 19 (Beta) 64Bit - based on Ubuntu 18.04
Cinnamon 3.8.4
Ecryptfs in use (Home - directory)
kernel 4.15.0-22-generic x86_64
tags: | added: bionic |
Changed in ecryptfs-utils (Ubuntu): | |
status: | New → Confirmed |
Mikko Rantalainen (mira) wrote : | #7 |
Still happens with Ubuntu LTS 18.04. I can provide additional info if needed.
Jarno Suni (jarnos) wrote : | #8 |
The bug seems to be present in 16.04.5, too.
tags: |
added: xenial removed: artful |
dronus (paul-geisler) wrote : | #9 |
Still an issue as of today 2020-04-13, for Ubuntu 18.04.
Please set this to critical immediately; this is a strong security issue for the use case of a multiuser device!
Using a "guest" user to share your device with others is quite a common use case. Everyone would expect that logging out and passing the device to another person would benefit from an eCryptfs user homedir setup.
I myself usually log out and set my device to standby as a daily routine. That has left me unprotected for a while now, it seems. I usually log out when taking the laptop to unsafe spaces like traveling, conferences and events in public spaces etc. I had expected that logging out would keep my data safe to some level.
As this is a regression too, many have already adapted to logout-is-safe behaviour.
dronus (paul-geisler) wrote : | #10 |
Also don't rely on the "affects me" counter above, as for non-power-users this bug is subtle and undetectable in most cases, leaving them unsafe without knowledge.
Klaus Bielke (k-bielke) wrote : | #11 |
Changed in ecryptfs-utils (Debian): | |
status: | Unknown → New |
affects: | gnome-session-shutdown → gnome-session |
Dave J (bigcus) wrote : | #12 |
Note this was also reported in bug 1637710 back in 2016
tags: | removed: xenial |
Status changed to 'Confirmed' because the bug affects multiple users.