Package: e2fsprogs
Version: 1.43.4-2
Severity: important

Dear Maintainer,

I believe FS-cache is breaking ext4 crypt.

- enabled crypt for a folder by user1
- created a file1 with content inside this folder by user1
- allowed user2 to read and write into this folder (simple POSIX group or others)
- rebooted system
= directory listing by user1 shows scrambled filenames - as expected
= directory listing by user2 shows scrambled filenames - as expected
- open encryption by user1
= directory listing by user2 shows scrambled filenames - as expected
= directory listing by user1 shows correct filenames - as expected
! directory listing by user2 now shows correct filenames - not as expected
= show file1 content as user2 shows error "key missed" - as expected
= show file1 content as user1 shows content - as expected
! show file1 content as user2 shows content - not as expected
! touch file2 as user2 creates file - not expected
= cat content as user2 to file2 shows error - expected
= cat content as user1 to file2 edits file - expected
! cat content as user2 to file2 now edits file also - not expected

I expected crypted content to be accessible only by the user holding the right key, but it seems everything opened by the right user makes things accessible by all other (POSIX allowed) users. Maybe it is a caching phenomenon? But it is not secure.

-- System Information:
Debian Release: 9.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages e2fsprogs depends on:
ii  e2fslibs    1.43.4-2
ii  libblkid1   2.29.2-1+deb9u1
ii  libc6       2.24-11+deb9u3
ii  libcomerr2  1.43.4-2
ii  libss2      1.43.4-2
ii  libuuid1    2.29.2-1+deb9u1
ii  util-linux  2.29.2-1+deb9u1

e2fsprogs recommends no packages.

Versions of packages e2fsprogs suggests:
pn  e2fsck-static  <none>
pn  fuse2fs        <none>
pn  gpart          <none>
pn  parted         <none>

-- no debconf information