[Bug 1823518] Re: cryfs (& encfs) not prohibited in /etc/updatedb.conf so filenames indexed & visible

Launchpad Bug Tracker 1823518 at bugs.launchpad.net
Tue Jul 30 22:09:19 UTC 2019


This bug was fixed in the package mlocate - 0.26-3ubuntu3

---------------
mlocate (0.26-3ubuntu3) eoan; urgency=medium

  * Generate the database at package install time.
  * Exclude fuse.cryfs and fuse.encfs in updatedb.conf.  LP: #1823518.

 -- Steve Langasek <steve.langasek at ubuntu.com>  Tue, 16 Jul 2019 15:18:58 -0700

** Changed in: mlocate (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mlocate in Ubuntu.
https://bugs.launchpad.net/bugs/1823518

Title:
  cryfs (& encfs) not prohibited in /etc/updatedb.conf so filenames
  indexed & visible

Status in mlocate package in Ubuntu:
  Fix Released

Bug description:
  The (default) PRUNEFS setting in /etc/updatedb.conf does not contain
  either CryFS (fuse.cryfs) or EncFS (<fstype name unknown>).  Hence,
  the unencrypted filenames (at least) contained within any _mounted_
  CryFS/EncFS filesystem will be indexed by updatedb(5), and visible
  to essentially everyone by mlocate(1).  That is, the names of files
  within an encrypted vault can "leak".  This may not be desirable;
  at the least then, perhaps, the manual page(s) should warn of the
  possibility.

  Obviously, similar problems may apply to other tools (such as, but not
  limited to, glimpse(1) and KDE's baloo), some of which can also index
  the contents of files contained within an encrypted vault---clearly a
  worse problem.  However, the locate tools are, as far as I'm aware,
  much more commonly-installed.

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: mlocate 0.26-2ubuntu3.1
  ProcVersionSignature: Ubuntu 4.15.0-47.50-generic 4.15.18
  Uname: Linux 4.15.0-47-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.6
  Architecture: amd64
  CurrentDesktop: KDE
  Date: Sun Apr  7 11:59:27 2019
  InstallationDate: Installed on 2016-10-07 (912 days ago)
  InstallationMedia: Kubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
  SourcePackage: mlocate
  UpgradeStatus: Upgraded to bionic on 2018-08-18 (232 days ago)
  modified.conffile..etc.updatedb.conf:
   # updatedb.conf(5) — a configuration file for updatedb(8)
   PRUNE_BIND_MOUNTS="yes"
   # PRUNENAMES=".git .bzr .hg .svn"
   PRUNEPATHS="/tmp /var/spool /media /var/lib/os-prober /var/lib/ceph /home/.ecryptfs /var/lib/schroot /home/blf/.SiriKali /home/blf/Vaults"
   PRUNEFS="NFS nfs nfs4 rpc_pipefs afs binfmt_misc proc smbfs autofs iso9660 ncpfs coda devpts ftpfs devfs devtmpfs fuse.mfs shfs sysfs cifs lustre tmpfs usbfs udf fuse.glusterfs fuse.sshfs curlftpfs ceph fuse.ceph fuse.rozofs ecryptfs fusesmb fuse.cryfs"
  mtime.conffile..etc.updatedb.conf: 2019-04-07T11:36:52.592187

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mlocate/+bug/1823518/+subscriptions
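
The check the bug description implies, as an added example that is not part of the original notification or of mlocate: it reports mounted fuse.cryfs / fuse.encfs filesystems that neither PRUNEFS nor PRUNEPATHS excludes from indexing. The function names and both sample inputs are constructed for illustration.

```python
import re

# Filesystem types named in the changelog above; extend for other vault filesystems.
ENCRYPTED_FS = {"fuse.cryfs", "fuse.encfs"}

# Constructed sample inputs (not taken from a real system).
SAMPLE_CONF = '''# constructed updatedb.conf
PRUNE_BIND_MOUNTS="yes"
PRUNEPATHS="/tmp /var/spool /media /srv/vaults"
PRUNEFS="NFS nfs proc tmpfs ecryptfs fuse.sshfs"
'''
SAMPLE_MOUNTS = r'''/dev/sda1 / ext4 rw,relatime 0 0
cryfs@/home/alice/.enc /home/alice/My\040Vault fuse.cryfs rw,nosuid,nodev 0 0
encfs /home/alice/Private fuse.encfs rw,nosuid,nodev 0 0
encfs /srv/vaults/bob fuse.encfs rw,nosuid,nodev 0 0
'''

def parse_updatedb_conf(text):
    """Return {NAME: [values]} for the NAME="a b c" lines of updatedb.conf."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip().strip('"').split()
    return conf

def unescape(field):
    """/proc/mounts writes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def leaking_mounts(conf_text, mounts_text):
    """Mounted encrypted FUSE filesystems that updatedb would still index."""
    conf = parse_updatedb_conf(conf_text)
    # updatedb.conf(5): file system type matching is case-insensitive
    prunefs = {t.lower() for t in conf.get("PRUNEFS", [])}
    prunepaths = [p.rstrip("/") for p in conf.get("PRUNEPATHS", [])]
    leaks = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[2].lower() not in ENCRYPTED_FS:
            continue
        mountpoint, fstype = unescape(fields[1]), fields[2].lower()
        under_pruned = any(mountpoint == p or mountpoint.startswith(p + "/")
                           for p in prunepaths)
        if fstype not in prunefs and not under_pruned:
            leaks.append((mountpoint, fstype))
    return leaks

if __name__ == "__main__":
    for mountpoint, fstype in leaking_mounts(SAMPLE_CONF, SAMPLE_MOUNTS):
        print(f"{fstype} at {mountpoint} is not excluded by PRUNEFS or PRUNEPATHS")
```

To audit a live host, pass the contents of /etc/updatedb.conf and /proc/mounts in place of the samples. Names indexed before the configuration is corrected stay in the existing database until updatedb runs again.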


