Viewing all changes in revision 83.
- Committer: Chris J Arges
- Date: 2012-10-26 15:09:12 UTC
- Revision ID: chris.j.arges@canonical.com-20121026150912-qxb36zfbs647qyau
[ Dustin Kirkland ]
* src/utils/mount.ecryptfs_private.c: LP: #1052038
- fix race condition, which typically manifests itself with a user
saying that their home directory is not accessible, or that their
filenames are not decrypted
- the root of the problem is that we were reading the signature file,
~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
so the file encryption signature is read and key is loaded, but then
some other process (usually from PAM, perhaps a cron job or a
subsequent login) mounts the home directory before the filename
encryption key is loaded; thus, $HOME is mounted but filenames are
not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
as that file is not found
- the solution is to rework the internal fetch_sig() function and read
one or both signatures within a single open/read/close operation of
the file
* src/utils/mount.ecryptfs_private.c: LP: #1052038
- fix race condition, which typically manifests itself with a user
saying that their home directory is not accessible, or that their
filenames are not decrypted
- the root of the problem is that we were reading the signature file,
~/.ecryptfs/Private.sig, twice; in some cases, the first one succeeds,
so the file encryption signature is read and key is loaded, but then
some other process (usually from PAM, perhaps a cron job or a
subsequent login) mounts the home directory before the filename
encryption key is loaded; thus, $HOME is mounted but filenames are
not decrypted, so the second read of ~/.ecryptfs/Private.sig fails
as that file is not found
- the solution is to rework the internal fetch_sig() function and read
one or both signatures within a single open/read/close operation of
the file
expand all
collapse all
added
removed
