Bug#918813: [gnome-disk-utility] gnome-disks store passwords in cleartext for automounting encrypted partitions

Jean-Louis Biasini jl.biasini at laposte.net
Wed Jan 9 14:58:52 GMT 2019


Package: gnome-disk-utility
Version: 3.22.1-1
Severity: important
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org

--- Please enter the report below this line. ---

Hi and thanks for your work,

If one configures gnome disks to automount a LUKS partition (encryption 
options, deactivating automatic encryption options, selecting unlock on 
start, entering the passphrase in the field below) the passphrase ends 
up in cleartext in a file on /etc/luks-keys/luks-UUID-OF-PARTITION

In my opinion this is bad because it makes it easy to recover. This 
makes the encryption itself useless and misleads the user into thinking 
that his data is secured.

- Ideally my suggestion would be that the password should go through the 
default password keyring software, and the partition should be mounted 
at user level.
- If this is not possible I suggest removing the auto-mount option.
- At the very least I think that the user should be informed of this 
issue when he activates that functionality.

Thanks,

Jean-Louis Biasini

--- System information. ---

Architecture:
Kernel: Linux 4.9.0-8-amd64

Debian Release: 9.6
500 stable-updates ftp.fr.debian.org
500 stable security.debian.org
500 stable ftp.fr.debian.org

--- Package information. ---
Depends (Version) | Installed
====================================================-+-========================= 

udisks2 (>= 2.1.1) | 2.1.8-1
dconf-gsettings-backend | 0.26.0-2+b1
OR gsettings-backend |
libatk1.0-0 (>= 1.12.4) | 2.22.0-1
libc6 (>= 2.10) |
libcairo-gobject2 (>= 1.10.0) |
libcairo2 (>= 1.2.4) |
libcanberra-gtk3-0 (>= 0.25) |
libcanberra0 (>= 0.2) |
libdvdread4 (>= 4.1.3) |
libgdk-pixbuf2.0-0 (>= 2.22.0) |
libglib2.0-0 (>= 2.39.90) |
libgtk-3-0 (>= 3.16.2) |
liblzma5 (>= 5.1.1alpha+20120614) |
libnotify4 (>= 0.7.0) |
libpango-1.0-0 (>= 1.18.0) |
libpangocairo-1.0-0 (>= 1.14.0) |
libpwquality1 (>= 1.1.0) |
libsecret-1-0 (>= 0.7) |
libsystemd0 (>= 209) |
libudisks2-0 (>= 2.1.1) |
libx11-6 |


Package's Recommends field is empty.

Package's Suggests field is empty.
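
An audit check for the behaviour reported above, added here as an example and not part of the original report or of gnome-disk-utility. It assumes the unlock-at-startup setting is recorded as an /etc/crypttab entry whose third field names the key file (crypttab(5) layout); the sample entries are constructed, and it falls back to them when /etc/crypttab cannot be read.

```python
import os
import stat

# Constructed sample in crypttab(5) layout: name, device, key file, options.
SAMPLE_CRYPTTAB = """\
# <name> <device> <key file> <options>
luks-1111 UUID=1111 /etc/luks-keys/luks-1111 nofail
sda5_crypt UUID=2222 none luks,discard
swap /dev/sda6 /dev/urandom swap
"""

def stored_key_files(crypttab_text):
    """Return (mapping name, key file) for entries that read a key from disk."""
    found = []
    for line in crypttab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # no key file field: the passphrase is prompted for
        name, keyfile = fields[0], fields[2]
        if keyfile in ("none", "-") or keyfile.startswith("/dev/"):
            continue  # prompted passphrase or random key, nothing stored
        found.append((name, keyfile))
    return found

def audit_key_file(path):
    """Return findings for one key file; an empty list means mode and owner are tight."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    except PermissionError:
        return ["cannot stat (run as root)"]
    findings = []
    if st.st_uid != 0:
        findings.append("not owned by root")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append("group/other access (mode %o)" % mode)
    return findings

if __name__ == "__main__":
    try:
        with open("/etc/crypttab") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_CRYPTTAB  # fall back to the constructed sample
    for name, path in stored_key_files(text):
        print(name, path, audit_key_file(path) or "root-only, but key is on disk")
```

A clean result only means the file is restricted to root; anyone who can read the unencrypted filesystem holding the key file can still recover the passphrase.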