Re: [PATCH] eCryptfs: Don't encrypt file key with filename key

From: Dustin Kirkland
Date: Fri Mar 13 2009 - 14:22:19 EST


On Fri, 2009-03-13 at 08:39 -0500, Serge E. Hallyn wrote:
> Right, so the file name encryption key is the same for all the files,
> whereas you can have multiple file encryption key encryption keys.
> So this bug means that the ability to have multiple FEKEKs becomes
> completely worthless.

True, but only for files created up until this point with eCryptfs
filename encryption enabled.

Considering 2.6.29 is in RC, and Ubuntu Jaunty is still in Alpha (which
is carrying a backport of eCryptfs against 2.6.28), this should be a
relatively controlled set of affected individuals who should be at least
somewhat aware that they're running pre-release code.

+1, ACK on Tyler's patch. It's a good, simple fix. We're going to
carry that against Ubuntu's kernel. I certainly hope that it will make
it into 2.6.29 which should land on a lot more systems.

> This makes me wonder if it's not worth doing a complete code-vs-design
> comparison to make sure there are no other such gems hidden away.

Definitely a good idea.

> Tyler, do you have a user-space (hopefully easier-to-read) parser for
> encrypted ecryptfs files? (ISTR they were closely following a gpg
> format)

I'll take the to-do to fix this in userspace. I've filed a bug for my
own tracking purposes. I'll update this as I enhance the ecryptfs-stat
utility:
* https://bugs.launchpad.net/ecryptfs/+bug/342398

--
:-Dustin

Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
kirkland@xxxxxxxxxxxxx
GPG: 1024D/83A61194
