Mailinglist Archive: opensuse-bugs (4251 mails)

< Previous Next >
[Bug 1038454] New: encrypted home directory is not unmounted when user logs out
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Wed, 10 May 2017 10:27:57 +0000
  • Message-id: <bug-1038454-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1038454


Bug ID: 1038454
Summary: encrypted home directory is not unmounted when user
logs out
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: x86-64
OS: openSUSE 42.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: cfd_s12@xxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

On a multi-user system I created several user accounts with encrypted home
directories by using the "User and Group Management" module in YaST.
When user A (with encrypted home) logs out and user B with root access logs in,
it is possible for user B to access the files in the home directory of user A.
This is not supposed to happen.

I also tried encrypting the home directories using eCryptfs and the problem
persists. Therefore I assume it's not a YaST related bug.


Steps to reproduce:
1) create a new user using YaST, encrypt the home directory
2) login as new user, create a text file
3) logout and login as root
4) try to access home directory of new user (which should be encrypted but is
not)

I've also attached a video.


Expected behaviour:
Root can't access files in other users encrypted home directory.

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups