[Bug 1045886] ecryptfs problems with recent Tumbleweed
http://bugzilla.novell.com/show_bug.cgi?id=1045886
http://bugzilla.novell.com/show_bug.cgi?id=1045886#c27
--- Comment #27 from Franck Bui
(In reply to Martin Wilck from comment #18)
So, by running that innocent-looking command, a user would inadvertently provide his personal keys to a system service??
And to another user. To illustrate:
bor@10:~> id -a
uid=1000(bor) gid=100(users) groups=100(users)
bor@10:~> keyctl show -x
Session Keyring
0x2f8153fa --alswrv 0 0 keyring: _ses
0x144397e9 ----s-rv 0 0 \_ user: invocation_id
test@10:~> id -a
uid=1001(test) gid=100(users) groups=100(users)
test@10:~> keyctl show -x
So both users already have access to exactly the same keyrings. Now let's try what you suggest.
Since you don't show the result of "keyctl show -x" for the "test" user, it's hard to say ;) I've run the same test and the 2 users get a different session keyring... How did you log in, BTW? Through different ttys?
bor@10:~> keyctl link @us @s
test@10:~> keyctl link @us @s
[...]
So both users now have access to user keyring of each other.
That's definitely weird, and again I'm seeing different (and expected) results here. The user session keyring is supposed to be a per-UID resource, so "@us" for the "bor" user should be something totally different from "@us" for "test". At least that's my slight understanding of the keyrings stuff.

Which kernel version are you running? (I'm using 4.11.5-1)
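The two conditions argued over in this thread can be checked from captured "keyctl show -x" output: whether one key serial is visible to more than one UID, and whether a session keyring is owned by a UID other than the viewer. This is an added example, not part of the original comment or the bug report; parse_keyctl_show and audit are hypothetical helpers, and the listing for the "test" user is constructed, since the thread does not show it.

```python
import re

# One row of `keyctl show -x`: serial, permission mask, uid, gid,
# optional tree prefix ("\_"), then "type: description".
ROW = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(\S+)\s+(-?\d+)\s+(-?\d+)\s+"
                 r"(?:[|\s]*\\_\s+)?([\w.]+):\s+(.*?)\s*$")

def parse_keyctl_show(text):
    """Return one dict per key row; header lines such as 'Session Keyring' are skipped."""
    keys = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            serial, perms, uid, gid, ktype, desc = m.groups()
            keys.append({"serial": int(serial, 16), "perms": perms,
                         "uid": int(uid), "gid": int(gid),
                         "type": ktype, "desc": desc})
    return keys

def audit(listings):
    """listings maps a login UID to that user's `keyctl show -x` output.
    Returns (shared, foreign): serials visible to more than one UID, and
    (viewer_uid, serial, owner_uid) for keyrings not owned by the viewer."""
    seen, foreign = {}, []
    for uid, text in listings.items():
        for key in parse_keyctl_show(text):
            seen.setdefault(key["serial"], set()).add(uid)
            if key["type"] == "keyring" and key["uid"] != uid:
                foreign.append((uid, key["serial"], key["uid"]))
    shared = {s: sorted(u) for s, u in seen.items() if len(u) > 1}
    return shared, foreign

# bor's listing is the one quoted in the comment. The listing for test is
# CONSTRUCTED to match the quoted claim that both users see the same keyrings.
BOR = """Session Keyring
0x2f8153fa --alswrv      0     0  keyring: _ses
0x144397e9 ----s-rv      0     0   \\_ user: invocation_id
"""
TEST_CONSTRUCTED = BOR
# CONSTRUCTED expected case: a session keyring owned by the viewing UID.
HEALTHY_CONSTRUCTED = """Session Keyring
0x0a1b2c3d --alswrv   1001   100  keyring: _ses
"""

if __name__ == "__main__":
    shared, foreign = audit({1000: BOR, 1001: TEST_CONSTRUCTED})
    for serial, uids in shared.items():
        print(f"0x{serial:08x} visible to UIDs {uids}")
    for uid, serial, owner in foreign:
        print(f"UID {uid}: keyring 0x{serial:08x} owned by UID {owner}")
```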