Control: tags 852751 + stretch sid confirmed

On Fri, 27 Jan 2017 at 02:27:31 +0300, Kirill Tkhai wrote:
> today I tried to use cryptkeeper for the first time. I created
> a new encrypted folder by wizard, and copied my data into
> the folder in Nautilus.
...
> decrypting using "p" password works for any encrypted directory,
> created using cryptkeeper. This obviously mustn't work this way.

I can confirm this bug in a stretch virtual machine, but not in a jessie
virtual machine. I'm assuming it applies to sid too.

Steps to reproduce:

* install gnome-session-flashback, lightdm, cryptkeeper, xterm
* log in to GNOME Flashback session
* Accessories -> System Tools -> Cryptkeeper
* right-click the key icon that appears
* New encrypted folder
* enter name "secrets"
* select home directory as its location
* click Forward
* enter some password other than "p", twice
* click Forward
* open the xterm
* fusermount -u ~/secrets
* encfs ~/.secrets_encfs ~/secrets
* when prompted for "EncFS Password:" enter the correct password
  - good result: ~/secrets mounts successfully
  - bad result: password rejected
* fusermount -u ~/secrets
* encfs ~/.secrets_encfs ~/secrets
* when prompted for "EncFS Password:" enter "p"
  - good result: password rejected
  - bad result: ~/secrets mounts successfully

It looks as though cryptkeeper makes assumptions about encfs'
command-line interface that are no longer valid.

I also notice that cryptkeeper does not check what write() and close()
return during its interactions with encfs, which seems very likely
to lead to undesired results.

I have recommended that the release team remove this package from
stretch: it currently gives a false sense of security that is worse
than not encrypting at all.

Regards,
    smcv
    assisting the Cambridge BSP

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptkeeper depends on:
ii  encfs               1.9.1-3
ii  fuse                2.9.7-1
ii  gconf-service       3.2.6-4
ii  libatk1.0-0         2.22.0-1
ii  libc6               2.24-8
ii  libcairo2           1.14.8-1
ii  libfontconfig1      2.11.0-6.7
ii  libfreetype6        2.6.3-3+b1
ii  libgcc1             1:6.2.1-5
ii  libgconf-2-4        3.2.6-4
ii  libgdk-pixbuf2.0-0  2.36.3-1
ii  libglib2.0-0        2.50.2-2
ii  libgtk2.0-0         2.24.31-1
ii  libpango1.0-0       1.40.3-3
ii  libstdc++6          6.2.1-5
ii  libx11-6            2:1.6.4-2
ii  zenity              3.22.0-1

cryptkeeper recommends no packages.

cryptkeeper suggests no packages.

-- no debconf information
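
The point in the report about unchecked write() and close() results, as an added C example that is not cryptkeeper's code and not part of the original message: a parent feeds input to a child's stdin over a pipe and reports failure if the write, the close or the child's exit status indicates a problem. `write_all` and `feed_child` are hypothetical names, and nothing here models the encfs command-line interface.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Write all of buf, retrying on EINTR and short writes; 0 on success. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Hypothetical helper: run argv with `input` on its stdin. Bytes accepted by
 * the pipe are not proof the child used them, so its exit status counts too. */
int feed_child(char *const argv[], const char *input)
{
    int p[2], status = 0;
    if (pipe(p) < 0)
        return -1;
    signal(SIGPIPE, SIG_IGN);          /* a dead reader yields EPIPE, not a kill */
    pid_t pid = fork();
    if (pid == 0) {                    /* child: the pipe becomes stdin */
        signal(SIGPIPE, SIG_DFL);
        if (dup2(p[0], STDIN_FILENO) < 0)
            _exit(127);
        close(p[0]); close(p[1]);
        execvp(argv[0], argv);
        _exit(127);                    /* exec failed */
    }
    close(p[0]);
    int rc = pid < 0 ? -1 : write_all(p[1], input, strlen(input));
    if (close(p[1]) < 0)
        rc = -1;
    while (pid > 0 && waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    if (pid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        rc = -1;
    return rc;
}
```

A caller that gets -1 back should stop and report the error rather than carry on as if the child had accepted the input.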