[Secure-testing-team] Bug#852751: [cryptkeeper] Sets the same password "p" for everything independently of user input

Simon McVittie smcv at debian.org
Sat Jan 28 15:34:42 UTC 2017 

Control: tags 852751 + stretch sid confirmed

On Fri, 27 Jan 2017 at 02:27:31 +0300, Kirill Tkhai wrote:
> today I tried to use cryptkeeper in the first time. I created
> a new encrypted folder by wizzard, and copied my data into
> the folder in Nautilus.
...
> decrypting using "p" password works for any encrypted directory,
> created using cryptkeeper. This obviously mustn't work such way.

I can confirm this bug in a stretch virtual machine, but not in
a jessie virtual machine. I'm assuming it applies to sid too.

Steps to reproduce:

* install gnome-session-flashback, lightdm, cryptkeeper, xterm
* log in to GNOME Flashback session
* Accessories -> System Tools -> Cryptkeeper
* right-click the key icon that appears
* New encrypted folder
* enter name "secrets"
* select home directory as its location
* click Forward
* enter some password other than "p", twice
* click Forward
* open the xterm
* fusermount -u ~/secrets
* encfs ~/.secrets_encfs ~/secrets
* when prompted for "EncFS Password:" enter the correct password
  - good result: ~/secrets mounts successfully
  - bad result: password rejected
* fusermount -u ~/secrets
* encfs ~/.secrets_encfs ~/secrets
* when prompted for "EncFS Password:" enter "p"
  - good result: password rejected
  - bad result: ~/secrets mounts successfully

It looks as though cryptkeeper makes assumptions about encfs'
command-line interface that are no longer valid.

I also notice that cryptkeeper does not check what write() and
close() return during its interactions with encfs, which seems very
likely to lead to undesired results.

I have recommended that the release team remove this package
from stretch: it currently gives a false sense of security that is
worse than not encrypting at all.

Regards,
    smcv
    assisting the Cambridge BSP

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-1-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptkeeper depends on:
ii  encfs               1.9.1-3
ii  fuse                2.9.7-1
ii  gconf-service       3.2.6-4
ii  libatk1.0-0         2.22.0-1
ii  libc6               2.24-8
ii  libcairo2           1.14.8-1
ii  libfontconfig1      2.11.0-6.7
ii  libfreetype6        2.6.3-3+b1
ii  libgcc1             1:6.2.1-5
ii  libgconf-2-4        3.2.6-4
ii  libgdk-pixbuf2.0-0  2.36.3-1
ii  libglib2.0-0        2.50.2-2
ii  libgtk2.0-0         2.24.31-1
ii  libpango1.0-0       1.40.3-3
ii  libstdc++6          6.2.1-5
ii  libx11-6            2:1.6.4-2
ii  zenity              3.22.0-1

cryptkeeper recommends no packages.

cryptkeeper suggests no packages.

-- no debconf information

More information about the Secure-testing-team mailing list