Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-09 Thread Rob King

On Fri, 2010-07-02 at 09:16 -0500, Dustin Kirkland wrote: 
> On Thu, Jul 1, 2010 at 2:55 PM, Rob King  wrote:
> > Hello everyone,
> > Ubuntu's encrypted home directory feature is quite useful, and a good way
> > of increasing the security and privacy of information.
> > However, the scheme is a little "leaky". Applications still use the
> > default system-wide temporary directory (/tmp), which is not encrypted. For
> > applications that store things in the temporary directory, this can cause
> > leaks of sensitive information outside the encrypted home directory. For
> > things like Deja Dup, this can cause the entire contents of the home
> > directory to be copied into an unencrypted area.
> > I would suggest that, when a user enables the encrypted home directory
> > feature, the TMPDIR directory is set to a temporary directory inside that
> > user's home directory. This could easily be done in desktop sessions by
> > modifying ~/.xsessionrc. I'm not sure how easy this would be for
> > command-line logins.
> 
> I agree that programs which leak data of a truly sensitive nature to /tmp should
> be fixed.  Please file a bug in Launchpad for each and every program
> you find that leaks sensitive data to /tmp.
> 

While I agree that any program that writes sensitive data to /tmp is in
some way broken, I don't know that fixing them is a good long term
solution. For every program that is fixed, another will pop up that's
broken.

> However, it's worth mentioning that /tmp is wiped on every boot in
> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
> (on systems where I have a few GB of memory).  Add this line to your
> /etc/fstab:
>   tmpfs /tmp tmpfs rw
> 
> This ensures that the data written to /tmp is never actually written
> to disk.  I think this is an excellent best-practice for the security
> conscious.
> 

This is a good solution, except that it only works on systems with
sufficient RAM - and even then, the RAM may be swapped to disk. By
setting a session-wide TMPDIR variable, temporary data is always written
to an area of the disk that is known to be encrypted. 

Thanks,
Rob



-- 
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss


Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-02 Thread Dustin Kirkland
On Fri, Jul 2, 2010 at 10:16 AM, Sindhudweep Sarkar wrote:
> Possibly, but for those really interested in preventing leaks, using ram is
> no help either.
>
> A fair number of attacks using liquid nitrogen or other cryogenics have been
> done recently.

If that's what you're concerned about, then neither eCryptfs nor any
other disk encryption mechanism for Windows, Mac, or Linux is going to
help you.

Dustin



Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-02 Thread Dustin Kirkland
On Fri, Jul 2, 2010 at 9:22 AM, Ansgar Burchardt  wrote:
> Hi,
>
> Dustin Kirkland  writes:
>
>> However, it's worth mentioning that /tmp is wiped on every boot in
>> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
>> (on systems where I have a few GB of memory).  Add this line to your
>> /etc/fstab:
>>   tmpfs /tmp tmpfs rw
>>
>> This ensures that the data written to /tmp is never actually written
>> to disk.  I think this is an excellent best-practice for the security
>> conscious.
>
> This is not always true.  Contents of a tmpfs can be swapped to disk[1]
> and you might thus leak information when you rely on the fact that
> contents of a tmpfs will never be written to permanent storage.

If you setup your encrypted home in the default manner, you
automatically have encrypted swap.

  $ cat /proc/swaps

Dustin
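Pulling together Rob King's proposal at the top of the thread (a per-user TMPDIR inside the encrypted home, set from ~/.xsessionrc) and the `/proc/swaps` check just above, here is an added example of a session helper. It is not code from the thread or from Ubuntu; it assumes the home directory appears in `/proc/mounts` as an `ecryptfs` mount and that Ubuntu's encrypted swap shows up as a device-mapper node such as `/dev/mapper/cryptswap1` (the naming is an assumption; adjust it to your system). The `/proc/mounts` and `/proc/swaps` samples at the bottom are constructed so the script can be dry-run anywhere.

```sh
#!/bin/sh
# Added example, not code from the thread. Session helper that combines the
# two defensive ideas discussed: point TMPDIR at a private directory inside
# the encrypted home, and check /proc/swaps for unencrypted swap devices.
# Assumptions: home is an eCryptfs mount listed in /proc/mounts, and Ubuntu's
# encrypted swap appears as a device-mapper node such as /dev/mapper/cryptswap1.

# fstype_of_mount MOUNTS_TEXT PATH
# Print the filesystem type of the longest mount point in MOUNTS_TEXT
# (/proc/mounts format) that contains PATH; print nothing if none matches.
fstype_of_mount() {
    printf '%s\n' "$1" | awk -v p="$2" '
        BEGIN { best = 0; type = "" }
        NF >= 3 {
            mp = $2; fs = $3
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); type = fs }
            }
        }
        END { print type }'
}

# swap_all_encrypted SWAPS_TEXT
# Succeed only if every swap entry in SWAPS_TEXT (/proc/swaps format) is a
# /dev/mapper/ node. No swap at all also succeeds: nothing can be paged out.
# A mapper node proves a dm layer exists, not which cipher (if any) it uses.
swap_all_encrypted() {
    printf '%s\n' "$1" | awk '
        BEGIN { bad = 0 }
        NR == 1 { next }                       # column header line
        NF == 0 { next }
        $1 !~ /^\/dev\/mapper\// { bad = 1 }
        END { exit bad }'
}

# private_tmpdir [BASE]
# Create BASE/tmp (default $HOME/tmp) with mode 0700 and print its path.
private_tmpdir() {
    dir="${1:-$HOME}/tmp"
    mkdir -p "$dir" && chmod 700 "$dir" && printf '%s\n' "$dir"
}

# session_setup: call this from ~/.xsessionrc or ~/.profile. Exports TMPDIR
# only when $HOME really is on eCryptfs, so a plain-text home is left alone.
session_setup() {
    if [ -r /proc/mounts ] &&
       [ "$(fstype_of_mount "$(cat /proc/mounts)" "$HOME")" = ecryptfs ]; then
        TMPDIR=$(private_tmpdir "$HOME") && export TMPDIR
    fi
    if [ -r /proc/swaps ] && ! swap_all_encrypted "$(cat /proc/swaps)"; then
        echo "warning: an unencrypted swap device is active; tmpfs /tmp can leak" >&2
    fi
}

# Constructed sample data (not captured from a real machine) for a dry run.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'
SAMPLE_SWAPS_ENC='Filename        Type        Size    Used    Priority
/dev/mapper/cryptswap1                  partition 2097148 0       -1'
SAMPLE_SWAPS_PLAIN='Filename        Type        Size    Used    Priority
/dev/sda5                               partition 2097148 0       -1'

echo "fs under /home/alice/tmp: $(fstype_of_mount "$SAMPLE_MOUNTS" /home/alice/tmp)"
swap_all_encrypted "$SAMPLE_SWAPS_ENC" && echo "sample 1: swap is dm-mapped"
swap_all_encrypted "$SAMPLE_SWAPS_PLAIN" || echo "sample 2: plain swap device found"
```

Sourced from ~/.xsessionrc and followed by a call to `session_setup`, this covers desktop sessions as Rob proposed; ~/.profile is the corresponding hook for command-line logins. Only programs that honour TMPDIR benefit, which is why the point about fixing programs that hard-code /tmp still stands.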



Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-02 Thread Sindhudweep Sarkar
Possibly, but for those really interested in preventing leaks, using ram is
no help either.

A fair number of attacks using liquid nitrogen or other cryogenics have been
done recently.

-Sindhudweep.

On Fri, Jul 2, 2010 at 10:26 AM, Lucian Adrian Grijincu <lucian.griji...@gmail.com> wrote:

> On Fri, Jul 2, 2010 at 5:22 PM, Ansgar Burchardt  wrote:
> >> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
> >> (on systems where I have a few GB of memory).
> > [...]
> > This is not always true.  Contents of a tmpfs can be swapped to disk[1]
> > and you might thus leak information when you rely on the fact that
> > contents of a tmpfs will never be written to permanent storage.
>
>
> Well if you've got several GB of memory you can dispense with swap
> altogether, can't you?
>
>
> --
>  .
> ..: Lucian
>


Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-02 Thread Lucian Adrian Grijincu
On Fri, Jul 2, 2010 at 5:22 PM, Ansgar Burchardt  wrote:
>> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
>> (on systems where I have a few GB of memory).
> [...]
> This is not always true.  Contents of a tmpfs can be swapped to disk[1]
> and you might thus leak information when you rely on the fact that
> contents of a tmpfs will never be written to permanent storage.


Well if you've got several GB of memory you can dispense with swap
altogether, can't you?


-- 
 .
..: Lucian



Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-02 Thread Ansgar Burchardt
Hi,

Dustin Kirkland  writes:

> However, it's worth mentioning that /tmp is wiped on every boot in
> Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
> (on systems where I have a few GB of memory).  Add this line to your
> /etc/fstab:
>   tmpfs /tmp tmpfs rw
>
> This ensures that the data written to /tmp is never actually written
> to disk.  I think this is an excellent best-practice for the security
> conscious.

This is not always true.  Contents of a tmpfs can be swapped to disk[1]
and you might thus leak information when you rely on the fact that
contents of a tmpfs will never be written to permanent storage.

Regards,
Ansgar

[1] 




Re: Suggestion: Leaky temp directory with encrypted home directories

2010-07-02 Thread Dustin Kirkland
On Thu, Jul 1, 2010 at 2:55 PM, Rob King  wrote:
> Hello everyone,
>    Ubuntu's encrypted home directory feature is quite useful, and a good way
> of increasing the security and privacy of information.
>    However, the scheme is a little "leaky". Applications still use the
> default system-wide temporary directory (/tmp), which is not encrypted. For
> applications that store things in the temporary directory, this can cause
> leaks of sensitive information outside the encrypted home directory. For
> things like Deja Dup, this can cause the entire contents of the home
> directory to be copied into an unencrypted area.
>    I would suggest that, when a user enables the encrypted home directory
> feature, the TMPDIR directory is set to a temporary directory inside that
> user's home directory. This could easily be done in desktop sessions by
> modifying ~/.xsessionrc. I'm not sure how easy this would be for
> command-line logins.

I agree that programs which leak data of a truly sensitive nature to /tmp should
be fixed.  Please file a bug in Launchpad for each and every program
you find that leaks sensitive data to /tmp.

However, it's worth mentioning that /tmp is wiped on every boot in
Ubuntu.  For this reason, I usually put my /tmp in a tmpfs in memory
(on systems where I have a few GB of memory).  Add this line to your
/etc/fstab:
  tmpfs /tmp tmpfs rw

This ensures that the data written to /tmp is never actually written
to disk.  I think this is an excellent best-practice for the security
conscious.

:-Dustin
