
I've followed the instructions to use ext4 encryption here:

How to create ext4 encrypted partition on Ubuntu 15.04 with new 4.1 kernel?

Everything works great. But if the files are deciphered for the owning user, then when I log in as a different user, I can see the encrypted files in the clear. The files are world-readable, but the key is only in the keyring of the owning user, so I'm pretty sure this shouldn't be allowed.

The problem may be related to caching of inodes. When I do:

echo 2 > /proc/sys/vm/drop_caches

Then the files are again inaccessible to the second user. But as soon as the first user accesses the files (with the key in session keyring), the files again become visible to the second user.

I must be doing something blatantly wrong, but I'm not sure what.

I'm on kernel 4.4.0-33-generic using pre-release Yakkety Yak (Ubuntu 16.10).

tksfz
  • Welcome to Ask Ubuntu! «something blatantly wrong» Does it mean that you allow users to read any home directory? – Andrea Lazzarotto Aug 02 '16 at 23:43
  • For the sake of the question, yes, let's assume the files are world-readable. (Ultimately, I want to try to isolate encryption keys to particular login shells or processes for the same user, but we don't need to get into that now...) – tksfz Aug 02 '16 at 23:58
  • This still fails for me when upgrading to kernel 4.7.0-rc6. – tksfz Aug 03 '16 at 16:13

1 Answer


I confirmed with Ted Ts'o (one of the main authors of ext4 encryption) that it's not designed to work the way I thought it might. It's not meant to provide the kind of "process-level" isolation of deciphered content that I was hoping for. Ordinary access restrictions (file ownership and perms) must still be used to prevent other users from accessing files.

tksfz
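Since the answer above makes file ownership and permissions the only boundary between users once decrypted data sits in the page cache, the practical check is to audit the encrypted tree for entries readable by group or other and strip those bits. The script below is an added example, not code from the original post; it works on a constructed temporary directory that stands in for the ext4 encrypted directory, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and harden DAC bits on a directory tree.
# ext4 encryption does not isolate decrypted page-cache contents between
# users, so group/other read access on these files is the real exposure.

# Print every entry under $1 whose mode grants read to group or other
# (octal tests work in GNU, BSD and busybox find alike).
list_exposed() {
    find "$1" \( -perm -040 -o -perm -004 \) -print
}

# Number of exposed entries under $1 (0 means owner-only access everywhere).
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Remove all group/other bits from the directory and everything inside it,
# so that the directory itself is no longer traversable by other users.
harden_tree() {
    chmod -R go-rwx "$1"
}

# Demonstration on a constructed temp tree: one world-readable file inside a
# 755 directory, exactly the situation described in the question.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/secret"
    echo "constructed sample content" > "$tmp/secret/notes.txt"
    chmod 644 "$tmp/secret/notes.txt"   # world-readable, like the question's files
    chmod 755 "$tmp/secret"
    before=$(count_exposed "$tmp/secret")   # directory + file -> 2
    harden_tree "$tmp/secret"
    after=$(count_exposed "$tmp/secret")    # -> 0
    rm -rf "$tmp"
    echo "$before $after"
}
```

Run `demo` to see the count before and after hardening; run `list_exposed /path/to/encrypted/dir` on a real tree to get the list of entries other users could still read.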