[Bug 740110] New: ecryptfs-mount-private not working
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c0

Summary: ecryptfs-mount-private not working
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: All
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: gleixner@bib-bvb.de
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1

See thread: http://forums.opensuse.org/english/other-forums/development/programming-scri...

There are 2 problems:
1. User does not have the permission to mount - fix: setuid root for /sbin/mount.ecryptfs_private
2. Kernel modules are not loaded automatically. Needs ecryptfs and dependent modules

Reproducible: Always

Steps to Reproduce: ecryptfs-mount-private
Actual Results: error
Expected Results: working

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c1
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c2
Neil Rickert
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c3
--- Comment #3 from flo gleixner
ecb 12863 1
ecryptfs 113255 1
cbc 12880 0
sha256_generic 21031 2
encrypted 18148 1 ecryptfs
ecryptfs_format 13013 1 encrypted
sha1_generic 12679 2
trusted 21890 1 encrypted
tpm 26915 1 trusted
tpm_bios 13683 1 tpm

flo@mamba:~> diff lsmod_1st_try lsmod_2nd_try
1a2
md5 12627 0
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c4
--- Comment #4 from Neil Rickert
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c5
Darin Perusich
the package maintainer has not requested a setuid bit by default so far so the program is not audited whether it's actually safe to set it.
Per Security_packaging_policy#Setuid_binaries, only a bug report needs to be submitted to the security team; there's no mention that the maintainer need be the submitter. Given this, can we conclude that this bug report fulfills point #1, and that point #2 is fulfilled by Comment #3 of the bug report, where, beginning on line #304, the source code documents why /sbin/mount.ecryptfs_private needs to be setuid?

http://en.opensuse.org/openSUSE:Security_packaging_policy#Setuid_binaries
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c6
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c7
--- Comment #7 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c8
--- Comment #8 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c9
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c10
--- Comment #10 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c11
--- Comment #11 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c12
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c13
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c14
Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c15
--- Comment #15 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c16
--- Comment #16 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c17
--- Comment #17 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c18
--- Comment #18 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c19
--- Comment #19 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c20
--- Comment #20 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c21
--- Comment #21 from Andreas Jaeger
From
/* This value is a guaranteed minimum maximum. The current maximum can be got from `sysconf'. */
#ifndef NGROUPS_MAX
# define NGROUPS_MAX 8
#endif
#endif /* bits/posix1_lim.h */

You don't want 8! Instead of malloc, you can use:

long ngroups_max = sysconf(_SC_NGROUPS_MAX);
gid_t gid = 0, oegid = 0, groups[ngroups_max+1];
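The buffer-sizing point from Comment #21, as an added example that is not part of the original thread or of the patch under discussion: it compares a group buffer sized from the compile-time minimum of 8 with one sized from sysconf(_SC_NGROUPS_MAX). The function names, the membership check and the 1 << 20 stack bound are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helpers for illustration; not taken from the patch in this bug. */

/* Buffer sized from the POSIX "guaranteed minimum maximum" of 8.
 * getgroups() returns -1 (errno EINVAL) when the process has more groups. */
int count_groups_fixed8(void)
{
    gid_t groups[8];
    return getgroups(8, groups);
}

/* Buffer sized at run time from sysconf(), using a VLA instead of malloc.
 * On Linux the limit is 65536, so this takes about 256 KiB of stack.
 * Returns the group count and sets *found to 1 if `want` is in the list;
 * returns -1 on error. */
int count_groups_runtime(gid_t want, int *found)
{
    long ngroups_max = sysconf(_SC_NGROUPS_MAX);
    if (ngroups_max < 0 || ngroups_max > (1L << 20))
        return -1;                      /* refuse an unbounded stack array */
    gid_t groups[ngroups_max + 1];      /* +1: list may include the effective GID */
    int n = getgroups((int)ngroups_max + 1, groups);
    if (n < 0)
        return -1;
    *found = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] == want)
            *found = 1;
    return n;
}

int main(void)
{
    int found = 0;
    int n = count_groups_runtime(getgid(), &found);
    printf("runtime-sized buffer: %d groups (real gid listed: %d)\n", n, found);
    printf("8-entry buffer:       %d\n", count_groups_fixed8());
    return 0;
}
```

For a user in more than eight groups the 8-entry call fails outright, so a setuid helper that ignores the return value would carry on with an uninitialised group list.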
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c22
--- Comment #22 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c23
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c24
--- Comment #24 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c25
--- Comment #25 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c26
--- Comment #26 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c27
--- Comment #27 from Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c28
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c29
--- Comment #29 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c30
--- Comment #30 from Darin Perusich
all submitted for factory and 12.2
hmm, not sure if we should do this for 12.1 retroactively.
I'm curious to know why this wouldn't be applied retroactively for 12.1? openSUSE 12.1 was only released on 2011-11-16, per the release notes, and will be available for general consumption for 24 months from the release date given the current release cycle. One could also argue these changes should be applied to 11.4 since it will be available until March 2013. Additionally, given the issues related to the release of 12.2, I think it's safe to say that 12.1 is the primary distribution being used by most users, so these enhancements ought to benefit them.
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c31
--- Comment #31 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c32
--- Comment #32 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c33
--- Comment #33 from Andreas Jaeger
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c34
--- Comment #34 from Neil Rickert
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c35
--- Comment #35 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c36
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c37
--- Comment #37 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c38
--- Comment #38 from Thorsten Kukuk
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c39
--- Comment #39 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=740110
https://bugzilla.novell.com/show_bug.cgi?id=740110#c40
Thorsten Kukuk