[Touch-packages] [Bug 1077074] Re: /var/crash is unencrypted

2020-05-05 Thread Launchpad Bug Tracker
[Expired for apport (Ubuntu) because there has been no activity for 60
days.]

** Changed in: apport (Ubuntu)
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1077074

Title:
  /var/crash is unencrypted

Status in apport package in Ubuntu:
  Expired

Bug description:
  When using encrypted (ecryptfs) home directories, although the swap
  device is encrypted there is a potential information leak via
  /var/crash. I was able to successfully recover plaintext content from
  a file being edited within the encrypted directory when the editor
  crashed (triggered by SIGILL for testing) simply by mounting the root
  device on another system and extracting the core dump from the .crash
  file. As these files remain on the filesystem until cleaned up by cron
  this represents a significant vulnerability, especially for laptop
  users.

  To reproduce:
  1) Open a sensitive file for editing (e.g. in vim)
  2) Trigger a core dump in the editor
  [Alternatively: 1&2) steal a laptop]
  3) Mount the device containing /var/crash on another system
  4) Extract core dumps from /var/crash/*.crash
  5) Search the dumps for sensitive plaintext

  ProblemType: Bug
  DistroRelease: Ubuntu 12.10
  Package: apport 2.6.1-0ubuntu6
  ProcVersionSignature: Ubuntu 3.5.0-18.18-lowlatency 3.5.7
  Uname: Linux 3.5.0-18-lowlatency x86_64
  ApportVersion: 2.6.1-0ubuntu6
  Architecture: amd64
  Date: Fri Nov  9 16:40:08 2012
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2012-10-11 (28 days ago)
  InstallationMedia: Ubuntu-Studio 12.04.1 "Precise Pangolin" - Release amd64 (20120818)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: apport
  UpgradeStatus: Upgraded to quantal on 2012-10-26 (14 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1077074/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
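
To check whether a machine is exposed in the way this report describes, the following added example (not part of the original thread and not apport's own code) lists the reports in a crash directory that carry a CoreDump field, with their age and whether they are world-readable. It assumes apport's report layout of `Key: value` lines with binary values stored as `Key: base64` plus indented continuation lines; the sample report and the names `memory_fields` and `audit` are constructed for illustration.

```python
"""Audit a crash directory for apport reports that embed process memory."""
import os
import sys
import tempfile
import time

MEMORY_FIELDS = {"CoreDump"}  # the field this report is about; extend as needed
# Constructed sample report (not real data). Assumed layout: "Key: value"
# lines, binary values as "Key: base64" plus indented continuation lines.
SAMPLE = b"ProblemType: Crash\nSignal: 4\nCoreDump: base64\n H4sIAAAA\n AAAAAAAA\n"


def memory_fields(path):
    """Return {field: encoded byte count} for memory-bearing fields in a report."""
    found, current = {}, None
    with open(path, "rb") as fh:
        for raw in fh:
            if raw[:1] in (b" ", b"\t"):  # continuation of the previous field
                if current:
                    found[current] += len(raw.strip())
                continue
            key = raw.split(b":", 1)[0].decode("ascii", "replace").strip()
            current = key if key in MEMORY_FIELDS else None
            if current:
                found[current] = 0
    return found


def audit(crash_dir, now=None):
    """List *.crash files that hold a core dump, with age and permissions."""
    now = time.time() if now is None else now
    results = []
    for name in sorted(os.listdir(crash_dir)):
        path = os.path.join(crash_dir, name)
        fields = memory_fields(path) if name.endswith(".crash") else {}
        if fields:
            st = os.stat(path)
            results.append({"path": path, "fields": fields,
                            "age_days": int((now - st.st_mtime) // 86400),
                            "world_readable": bool(st.st_mode & 0o004)})
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. /var/crash, run with rights to read the reports
        target = sys.argv[1]
    else:  # no argument: demonstrate on the constructed sample
        target = tempfile.mkdtemp()
        with open(os.path.join(target, "_usr_bin_demo.1000.crash"), "wb") as fh:
            fh.write(SAMPLE)
    for r in audit(target):
        print(r)
```

Any report it lists sits in plaintext on whatever volume holds the crash directory, so a non-empty result on a system whose root filesystem is unencrypted is the condition described in this bug.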


[Touch-packages] [Bug 1077074] Re: /var/crash is unencrypted

2020-03-05 Thread Marcus Tomlinson
This release of Ubuntu is no longer receiving maintenance updates. If
this is still an issue on a maintained version of Ubuntu please let us
know.

** Changed in: apport (Ubuntu)
   Status: Confirmed => Incomplete
