From: Dustin Kirkland <kirkland@canonical.com>
To: "Serge E. Hallyn" <serue@us.ibm.com>
Cc: Tyler Hicks <tyhicks@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH] eCryptfs: Don't encrypt file key with filename key
Date: Fri, 13 Mar 2009 13:21:50 -0500
Message-ID: <1236968511.4904.32.camel@t61p>
In-Reply-To: <20090313133916.GA32304@us.ibm.com>

On Fri, 2009-03-13 at 08:39 -0500, Serge E. Hallyn wrote:
> Right, so the file name encryption key is the same for all the files,
> whereas you can have multiple file encryption key encryption keys.
> So this bug means that the ability to have multiple FEKEKs becomes
> completely worthless.

True, but only for files created up until this point with eCryptfs
filename encryption enabled.

Considering 2.6.29 is in RC, and Ubuntu Jaunty is still in Alpha (which
is carrying a backport of eCryptfs against 2.6.28), this should be a
relatively controlled set of affected individuals who should be at least
somewhat aware that they're running pre-release code.

+1, ACK on Tyler's patch. It's a good, simple fix. We're going to
carry that against Ubuntu's kernel. I certainly hope that it will make
it into 2.6.29 which should land on a lot more systems.

> This makes me wonder if it's not worth doing a complete code-vs-design
> comparison to make sure there are no other such gems hidden away.

Definitely a good idea.

> Tyler, do you have a user-space (hopefully easier-to-read) parser for
> encrypted ecryptfs files? (ISTR they were closely following a gpg
> format)

I'll take the to-do to fix this in userspace. I've filed a bug for my
own tracking purposes. I'll update this as I enhance the ecryptfs-stat
utility:
* https://bugs.launchpad.net/ecryptfs/+bug/342398

--
:-Dustin
Dustin Kirkland
Ubuntu Server Developer
Canonical, LTD
kirkland@canonical.com
GPG: 1024D/83A61194

Thread overview: 4+ messages
2009-03-13 6:24 [PATCH] eCryptfs: Don't encrypt file key with filename key Tyler Hicks
2009-03-13 13:39 ` Serge E. Hallyn
2009-03-13 16:10 ` Tyler Hicks
2009-03-13 18:21 ` Dustin Kirkland [this message]