Ubuntu
ecryptfs-utils package

ecryptfs-setup-private displays login passphrase on terminal

Bug #259746 reported by Colin Watson
12
Affects Status Importance Assigned to Milestone
eCryptfs
Unknown
Unknown
ecryptfs-utils (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: ecryptfs-utils

Displaying the mount passphrase so that you can record it is one thing, but ecryptfs-setup-private also displays the login passphrase on the terminal. This is unnecessary as the user already knows their login passphrase by definition, and seems like a bad idea!

Revision history for this message
Colin Watson (cjwatson) wrote :

Perhaps the mount passphrase should only be displayed if it was randomly generated. If you typed it in, then you know it.

Revision history for this message
Andreas Moog (ampelbein) wrote :

I reported this issue Upstream:
http://sourceforge.net/tracker/index.php?func=detail&aid=2062628&group_id=133988&atid=728799

Changed in ecryptfs-utils:
status: New → Confirmed
Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Colin/Andreas-

Thanks for reporting this, guys...

The code you cite was originally introduce as debug prints, as I was developing this to ensure that I properly handled the hierarchy of specifying these variables (a) in the environment, (b) on the command line, (c) interactively.

As I have run this code hundreds (thousands?) of times as this point, these eyes had become entirely blind to it.

The attached patch comments out the series of echo's that displays those parameters.

It also determines if the mount passphrase was generated, in which case it is printed to screen. In either case, the user is politely reminded to record the mount passphrase in a safe location.

:-Dustin

Revision history for this message
Dustin Kirkland  (kirkland) wrote :

Note: I will be committing this patch upstream.

:-Dustin

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ecryptfs-utils - 53-1ubuntu5

---------------
ecryptfs-utils (53-1ubuntu5) intrepid; urgency=low

  * debian/patches/00list: add 25-ecryptfs-setup-private_fix-pw-echo.dpatch
    (LP: #259746).
  * debian/patches/25-ecryptfs-setup-private_fix-pw-echo.dpatch: comment out
    mostly-debugish echo's; conditionally print randomly generated passphrase;
    always remind the user to print/record the mount passphrase for data
    recovery.

 -- Dustin Kirkland <email address hidden> Wed, 20 Aug 2008 23:20:36 +0100

Changed in ecryptfs-utils:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.