I write this to record the sad fact that the security issue of the encrypted directory not being unmounted on logout is still present in Debian 9 on two of my laptops, one i386 and the other amd64.

1. Right after the ecryptfs-utils package is installed, the user command
   $ ecryptfs-setup-private
fails, complaining that there is no module. This:
   root% modprobe ecryptfs
helps.

2. On the command ecryptfs-setup-private these lines are printed:

---[output begin]---
$ ecryptfs-setup-private
Enter your login passphrase [demouser]:
Enter your mount passphrase [leave blank to generate one]:

************************************************************************
YOU SHOULD RECORD YOUR MOUNT PASSPHRASE AND STORE IT IN A SAFE LOCATION.
  ecryptfs-unwrap-passphrase ~/.ecryptfs/wrapped-passphrase
THIS WILL BE REQUIRED IF YOU NEED TO RECOVER YOUR DATA AT A LATER TIME.
************************************************************************

Done configuring.

Testing mount/write/umount/read...
Inserted auth tok with sig [96a5accf8ba63f67] into the user session keyring
Inserted auth tok with sig [b7475d399806eb44] into the user session keyring
Inserted auth tok with sig [96a5accf8ba63f67] into the user session keyring
Inserted auth tok with sig [b7475d399806eb44] into the user session keyring
Testing succeeded.

Logout, and log back in to begin using your encrypted directory.
---[output end]---

Those doubled lines look somewhat strange, and it is not clear whether this is by design or signals that something is going wrong.

3. Right after I performed ecryptfs-setup-private, logged out from the Mate session and logged back in as it told me to do, the private mount worked as expected. I have tested it with numerous logins and logouts in Mate and on tty consoles in parallel; the value in /dev/shm/ecryptfs-username-Private changed as expected.

But when I rebooted the system and logged in to Mate, the counter immediately contained the value 2. With the next login on a console the counter became 3, and so on. The counter stayed at 1 after I logged out from the Mate session and all user consoles. The encrypted fs stayed mounted.

The same for another user with an ecryptfs install: the counter worked as expected until reboot, while for the first user the counter was already broken, and after the next reboot both users' counters were broken.

4. For console-only logins (the user has not been logged in through Mate since the last reboot) the picture is different and very interesting:

After login the counter contains 2. After logout the counter file disappears but ecryptfs's .Private stays mounted!!!
On the next immediate login the counter file appears but it is empty! NOT one, NOT zero, NOT two! On logout the counter file disappears and the ecryptfs directory IS unmounted!
On the 3rd login the counter is 2; on logout the counter file disappears but the directory stays mounted.
On the 4th login the counter is empty; on logout it disappears and the directory IS unmounted.

So every second time the private directory is not unmounted on logout, while the counter file's contents and behaviour are obviously buggy.

Nobody cares? Shouldn't we raise the importance? The package supplies partially _fake security_ when used in the most common way...
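
A check for the condition reported above, added here as an example and not part of the original report or of ecryptfs-utils: it lists eCryptfs mounts whose owner has no login session and shows the state of the counter file. It assumes home directories live under /home/<user>, that `who` lists every session, and the counter path /dev/shm/ecryptfs-<user>-Private named in the report; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find eCryptfs Private mounts left behind after logout.
# Assumption: the mount point is /home/<user>/..., so the user is the 2nd path part.

# stale_ecryptfs_mounts MOUNTS_FILE "user1 user2 ..."
# Prints "<user> <mountpoint>" for each ecryptfs mount whose user is not listed.
stale_ecryptfs_mounts() {
    mounts_file=$1
    logged_in=" $2 "
    while read -r _src mnt fstype _rest; do
        [ "$fstype" = "ecryptfs" ] || continue
        case "$mnt" in
            /home/*/*) ;;
            *) continue ;;            # not under /home/<user>/: out of scope here
        esac
        user=${mnt#/home/}
        user=${user%%/*}
        case "$logged_in" in
            *" $user "*) ;;           # user still has a session: mount is expected
            *) printf '%s %s\n' "$user" "$mnt" ;;
        esac
    done < "$mounts_file"
}

# counter_state USER [DIR]
# Prints "missing", "empty", or the number stored in the counter file.
counter_state() {
    f="${2:-/dev/shm}/ecryptfs-$1-Private"
    if [ ! -e "$f" ]; then
        echo missing
    elif [ ! -s "$f" ]; then
        echo empty
    else
        tr -d '[:space:]' < "$f"
        echo
    fi
}

# check_live: run both checks against the running system.
check_live() {
    users=$(who | awk '{print $1}' | sort -u | tr '\n' ' ')
    stale_ecryptfs_mounts /proc/mounts "$users" | while read -r u m; do
        echo "STALE: $m still mounted, $u has no session, counter=$(counter_state "$u")"
    done
}

if [ "${1:-}" = "--live" ]; then check_live; fi
```

Run with `--live` after logging the user out of every session; any STALE line means the decrypted directory is still readable on the running system.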