Attention Jaunty Alpha eCryptfs Users...

The 2.6.28 Linux kernel used by each of the Ubuntu Jaunty Alphas (1-6) included a bug that may have written arbitrary kernel memory into your eCryptfs file headers.

Hardy and Intrepid are NOT affected. And the actual encrypted data content in your eCryptfs files is NOT affected.

However, if you run 'strings' on your encrypted data, you may see some cleartext data used as padding in the first 2 pages of the file headers. You can check this with something like:

$ umount.ecryptfs_private && cd ~/.Private && mount.ecryptfs_private
$ find . -type f | xargs strings  | egrep ".{20}"

For more information about the technical details and the fix for this bug, please reference:

• The original bug report (thanks to Florian Streibelt for the report!)
  
  • https://bugs.launchpad.net/ecryptfs/+bug/345544
• The upstream git commit
  
  • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8faece5f906725c10e7a1f6caf84452abadbdc7b

The Ubuntu Jaunty Beta kernel includes the fix, which will correctly zero the 2 pages of kernel memory allocated for these file headers and prevent such data leakage on any eCryptfs file writes thereafter.

However, any files encrypted with a previous Jaunty Alpha kernel will need to be re-encrypted with the new kernel. Also in Ubuntu Jaunty Beta, I have included a new utility in ecryptfs-utils-73 to help you clean your files: ecryptfs-rewrite-file.

• http://manpages.ubuntu.com/manpages/jaunty/en/man1/ecryptfs-rewrite-file.1.html

In that manpage, I give a hint for recursively re-encrypting all files in your eCryptfs mount point. Something along the lines of this:

$ cd $HOME/Private || cd $HOME
$ find . -xdev -print0 | xargs -r -0 /usr/bin/ecryptfs-rewrite-file
$ ecryptfs-umount-private
$ sync
$ ecryptfs-mount-private

To run this, I *strongly* recommend logging out of all graphical desktop sessions, and logging in via the tty console (ctrl-alt-f1), or via ssh. This will minimize the number of background processes you have running, and prevent races reading/writing the files in your home directory.

As a point of reference, when I ran this on my home directory, it took my dual-core, 2.4GHz t61p about 15 minutes to re-encrypt 2GB of data (25,000 files). I strongly recommend that you do the same, at your earliest possible convenience.

One final note... If you are the type that prefers to run 25-rounds-of-shred to thwart complex data recovery from magnetic disks, then you might consider backing up your cleartext data, shredding your disk, and reinstalling from scratch. In which case, I'm sorry (on multiple levels).

• http://manpages.ubuntu.com/manpages/jaunty/en/man1/shred.1.html

Related Post
24/03 – VirtualBox: advanced topics and access to entire physical hard disk 44/03 – AlterMIME is a small programm which is used to alter your mime-encoded mailpacks 24/03 – Virtual Box: Troubleshooting and Guest shows IDE errors for VDI on slow host file system 21/03 - Latest update for Kubuntu: KDE 4.2 Jaunty Jackalope Alpha 6 Released 19/03 - Firefox Add-ons: CLEO 3.0 (Compact Library Extension Organizer ) version 4.1 released 19/03 - Thunderbird Add-ons: TEBE (Thunderbird Environment Backup Extension) beta Nightlies 3.0b1 - 3.1. released 19/03 - Firefox Add-ons: OPIE (Ordered Preference Import/Export) 1.2.3 released 13/03 - A first look at Gimp 2.6.5 13/03 - Every Macedonian Student to Use Ubuntu-Powered Computer Workstations 13/03 - Released Enigmail 0.95.7 extension to the mail client of Mozilla Thunderbird and Mozilla Seamonkey 07/03 - Seq24 is a software MIDI music sequencer that runs under Linux 07/03 - VirtualBox, alternative front-ends; remote virtual machines 07/03 - VirtualBox, VBoxManage Reference Management Interface Version 1.3.99 03/03 - Super Ubuntu is an operating system, functional directly from CD/DVD based on Ubuntu
	Linux Links
	22/03 - YES Linux Basic Edition 3.0.0 available now 21/03 - Ubuntu Server Edition on Amazon - Beta programme now open 18/03 - GNU is a computer operating system composed entirely of free software 18/03 - Gnu: Organizations related to free software 15/03 - Debian GNU/Linux 5.0 released 15/03 - Ubuntu Templates Gallery of Images 15/03 - AdvanceCOMP is a collection of recompression utilities 15/03 - aespipe is an encryption tool that reads from standard input and writes to standard output 14/03 - Gallery Gimp Templates 14/03 - An introduction to CrossOver Games. What exactly is CrossOver Games 14/03 - Games for Linux: War§ow, Tremulous, World of Padman, Nexuiz, Arena comparison of free software shooters 11/03 - Ubuntu Media Players Overview 11/03 - Exaile is a Music Manager and Player for GTK written in Python 11/03 - UBoot MKImage, generate kernel image for U-Boot 11/03 - Starting with Linux: Getting into the Desktop 10/03 - Starting with Linux: Creating New Files and Folders

Do you consider this article interesting? Share it on your network of Twitter contacts, on your Facebook wall or simply press "+1" to suggest this result in searches in Google, Linkedin, Instagram or Pinterest. Spreading content that you find relevant helps this blog to grow. Thank you!

Share on Facebook Share on Twitter Share on Google Plus

About Hugo

Ubuntu is a Linux distribution that offers an operating system predominantly focused on desktop computers but also provides support for servers. Based on Debian GNU / Linux, Ubuntu focuses on ease of use, freedom in usage restriction, regular releases (every 6 months) and ease of installation.