[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2009-09-18 Thread Dustin Kirkland
We now have encrypted swap.  This should help matters tremendously.

Additionally, I recommend making /tmp a tmpfs in memory, by adding the 
following line to your /etc/fstab:
tmpfs /tmp tmpfs rw


If other programs copy data out of a user's home directory to other locations 
*on disk*, bugs should be filed against those programs for leaking user data.

At this point I'm closing the eCryptfs aspects of this bug.

Thanks,
:-Dustin

** Changed in: ecryptfs
   Status: Confirmed => Fix Released

** Changed in: ecryptfs-utils (Ubuntu)
   Status: Confirmed => Fix Released

-- 
Protect data in an encrypted Private from being inadvertently copied elsewhere 
(eg, thumbnailers)
https://bugs.launchpad.net/bugs/277655
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2009-07-24 Thread Dustin Kirkland
** Changed in: ecryptfs
   Importance: Medium => Wishlist

** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Medium => Wishlist



[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2009-04-27 Thread Dustin Kirkland
** Also affects: ecryptfs
   Importance: Undecided
   Status: New



[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2009-04-24 Thread Dustin Kirkland
Couple things to update here ...

With encrypted home directories now available in Jaunty, it's possible
to keep all data, metadata, and cached data in your home directory
encrypted.

For Karmic, I hope that /tmp becomes a tmpfs, entirely in RAM.  Couple
that with encrypted swap, and it should be possible to prevent tmp data
from ever leaking to disk.

/var/tmp is a little bit trickier.  For /var/tmp, there are relatively
few applications that write data there.  I'd like to take those on a
case-by-case basis, and try to ensure that the data that gets written to
/var/tmp is not leaked sensitive data.

Otherwise, these applications (thumbnailers and such) should be running
as your non-privileged $USER and shouldn't really have write access to
locations outside of $HOME, /tmp, /var/tmp, right?  In which case, I
think we should be able to cover those 3 cases...

:-Dustin

** Changed in: ecryptfs-utils (Ubuntu)
   Status: Confirmed => Triaged

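[Added example, not part of the original thread and not eCryptfs code: a shell audit of the cases raised in the 2009-09-18 and 2009-04-24 messages (/tmp on tmpfs, /var/tmp, encrypted swap). The function names are illustrative, and the swap check assumes that cryptsetup-created mappings carry a device-mapper UUID beginning with "CRYPT-".]

```shell
#!/bin/sh
# Added example: where can temporary data and swap reach disk unencrypted?
# Functions take /proc/mounts- and /proc/swaps-format files as arguments.

# Print the filesystem type backing DIR: the longest mount point that is a
# path prefix of DIR wins; on a tie the later (topmost) mount wins.
fstype_of() {  # usage: fstype_of MOUNTS_FILE DIR
    awk -v d="$2" '
        { mp = $2
          if ((mp == "/" || index(d "/", mp "/") == 1) && length(mp) >= best) {
              best = length(mp); t = $3 } }
        END { print t }' "$1"
}

# "ram" for tmpfs, "ecryptfs" for an eCryptfs mount, else "disk:<fstype>".
# A "disk:" result may still sit on an encrypted block device (LVM plus
# full-disk encryption); the filesystem type alone cannot show that.
classify_dir() {  # usage: classify_dir MOUNTS_FILE DIR
    t=$(fstype_of "$1" "$2")
    case $t in
        tmpfs)    echo ram ;;
        ecryptfs) echo ecryptfs ;;
        *)        echo "disk:$t" ;;
    esac
}

# Print swap areas that are not dm-crypt mappings. Assumption: mappings
# created by cryptsetup carry a device-mapper UUID starting with "CRYPT-".
plaintext_swap() {  # usage: plaintext_swap SWAPS_FILE [SYSFS_ROOT]
    sys=${2:-/sys}
    awk 'NR > 1 { print $1 }' "$1" | while read -r dev; do
        real=$(readlink -f "$dev" 2>/dev/null || true)
        name=$(basename "${real:-$dev}")
        uuid=$(cat "$sys/block/$name/dm/uuid" 2>/dev/null || true)
        case $uuid in
            CRYPT-*) ;;
            *) echo "$dev" ;;
        esac
    done
}

# Report on the running system when the proc files are readable.
if [ -r /proc/mounts ] && [ -r /proc/swaps ]; then
    for d in /tmp /var/tmp; do
        echo "$d: $(classify_dir /proc/mounts "$d")"
    done
    plaintext_swap /proc/swaps | sed 's/^/unencrypted swap: /'
fi
```

Swap files and LVM volumes without dm-crypt are reported as unencrypted, which errs on the side of flagging.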


[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2009-02-20 Thread Dustin Kirkland
Okay, just an FYI update, since I'm looking at this bug again...

I'm going to leave this open and attached to ecryptfs-utils.

However, this is a pervasive problem in general.  It would take a
complete package audit to find all the places where data might be leaked
to /var/* or /tmp/*, or elsewhere.

Perhaps mandatory access control (SELinux/AppArmor) and exhaustive file
labeling might help.

Also, encrypted home directories in Jaunty should also help, in terms of
user data that gets copied to ~/.* directories.

In the meantime, LVM and total disk encryption is likely the best option
for users with a deep concern about this issue.

Good luck,
:-Dustin



[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2008-11-05 Thread Josh Smith
Also consider the tracker and beagle search tools.



[Bug 277655] Re: Protect data in an encrypted Private from being inadvertently copied elsewhere (eg, thumbnailers)

2008-10-03 Thread Dustin Kirkland
Marking as 'Confirmed'.

I'm going to bring this up for discussion at the Ubuntu Developer Summit
in December of 2008, and talk about how to fix this leakage of
information in Jaunty.

:-Dustin

** Changed in: ecryptfs-utils (Ubuntu)
   Importance: Undecided => Medium
   Status: New => Confirmed
