Package: libpam-encfs
Version: 0.1.3-1
Severity: critical

When using sudo as a user whose home directory is encrypted by encfs using 
libpam-encfs for authentication, the following behavior shows up:

[EMAIL PROTECTED]:/etc$ sudo pwd
Password:
/home/tittel
[EMAIL PROTECTED]:/etc$ sudo pwd
/etc
[EMAIL PROTECTED]:/etc

As you can see, if sudo is called for the first time and asks for the 
password, the current path is not inherited by the super user environment. 
This problem does not occur with a user whose home directory is not encrypted 
by encfs. This bug is known to upstream and has been fixed in version 0.1.4 
of libpam-encfs (see 
http://hollowtube.mine.nu/wiki/index.php?n=Projects.PamEncfs). I built my own 
deb-package for version 0.1.4.1 and can confirm that the bug is resolved in 
this version.

I consider this bug highly dangerous and recommend an urgent fix. Just think 
about somebody executing "sudo rm -R *" in a directory whose contents he 
wants to delete and deleting his whole home directory instead.
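
An added illustration, not part of the report above and not libpam-encfs code: the report does not say what makes the first sudo call lose the directory, so this example assumes a chdir() left behind by the authentication step and shows the caller's directory being pinned with a descriptor and restored with fchdir(). The function names and the target directory "/" are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical stand-in for an authentication step that leaves the process
 * in another directory (assumed cause; the report names none). */
static int auth_step_leaky(const char *home)
{
    return chdir(home);
}

/* Same step, but the caller's directory is held open as a descriptor and
 * restored afterwards, whether or not the step itself succeeded. */
static int auth_step_preserving(const char *home)
{
    int saved = open(".", O_RDONLY);
    if (saved < 0)
        return -1;
    int rc = auth_step_leaky(home);
    if (fchdir(saved) != 0)
        rc = -1;
    close(saved);
    return rc;
}

/* Returns 1 if the working directory is unchanged after step, 0 if it
 * moved, -1 on error. The starting directory is restored before returning. */
static int cwd_survives(int (*step)(const char *), const char *home)
{
    char before[4096], after[4096];
    if (!getcwd(before, sizeof before) || step(home) != 0)
        return -1;
    if (!getcwd(after, sizeof after))
        return -1;
    int same = strcmp(before, after) == 0;
    if (chdir(before) != 0)
        return -1;
    return same;
}

int main(void)
{
    printf("leaky step keeps cwd:      %d\n", cwd_survives(auth_step_leaky, "/"));
    printf("preserving step keeps cwd: %d\n", cwd_survives(auth_step_preserving, "/"));
    return 0;
}
```

Holding a descriptor rather than a saved path string means the restore still works if the original directory is renamed while the step runs.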

