
systemd-homed fscrypt-backed files are still visible after logout #32596

Open
dkg opened this issue May 1, 2024 · 2 comments
Labels
bug 🐛 Programming errors, that need preferential fixing homed homed, homectl, pam_homed

Comments


dkg commented May 1, 2024

systemd version the issue has been seen with

255.5

Used distribution

debian unstable

Linux kernel version used

6.7.12-amd64

CPU architectures issue was seen on

x86_64

Component

systemd-homed

Expected behaviour you didn't see

I expected the contents of the backing files in the user's homedir to be ciphertext, once the user had fully logged out. Instead, the contents of the files were visible in the clear.

The names of the files appear to be ciphertext, though!

Unexpected behaviour you saw

0 root@unstable-amd64:~# date
Tue Apr 30 08:38:28 PM EDT 2024
0 root@unstable-amd64:~# journalctl --since '19:41' | grep moogly
Apr 30 19:41:48 unstable-amd64 systemd-homed[803]: moogly: changing state absent → creating
Apr 30 19:41:48 unstable-amd64 systemd-homed[803]: moogly: changing state creating → inactive
Apr 30 19:42:12 unstable-amd64 systemd-homed[803]: moogly: changing state inactive → activating-for-acquire
Apr 30 19:42:12 unstable-amd64 systemd-homed[803]: moogly: changing state activating-for-acquire → inactive
Apr 30 19:42:12 unstable-amd64 systemd-homed[803]: Got notification that all sessions of user moogly ended, deactivating automatically.
Apr 30 19:42:12 unstable-amd64 systemd-homed[803]: Home moogly already deactivated, no automatic deactivation needed.
Apr 30 19:42:23 unstable-amd64 systemd-homed[803]: moogly: changing state inactive → activating-for-acquire
Apr 30 19:42:23 unstable-amd64 systemd-homework[1146]: Moving to final mount point /home/moogly completed.
Apr 30 19:42:23 unstable-amd64 systemd-homed[803]: Home moogly is signed exclusively by our key, accepting.
Apr 30 19:42:23 unstable-amd64 systemd-homed[803]: moogly: changing state activating-for-acquire → active
Apr 30 19:42:23 unstable-amd64 login[437]: pam_systemd_home(login:auth): Home for user moogly successfully acquired.
Apr 30 19:42:23 unstable-amd64 login[437]: pam_unix(login:session): session opened for user moogly(uid=60240) by moogly(uid=0)
Apr 30 19:42:23 unstable-amd64 systemd-logind[371]: New session 3 of user moogly.
Apr 30 19:42:23 unstable-amd64 (systemd)[1155]: pam_systemd_home(systemd-user:account): Home for user moogly successfully acquired.
Apr 30 19:42:23 unstable-amd64 (systemd)[1155]: pam_unix(systemd-user:session): session opened for user moogly(uid=60240) by moogly(uid=0)
Apr 30 19:42:23 unstable-amd64 systemd[1]: Started session-3.scope - Session 3 of User moogly.
Apr 30 19:42:41 unstable-amd64 login[437]: pam_systemd_home(login:session): Not deactivating home directory of moogly, as it is still used.
Apr 30 19:42:41 unstable-amd64 login[437]: pam_unix(login:session): session closed for user moogly
Apr 30 19:42:52 unstable-amd64 systemd-homed[803]: Got notification that all sessions of user moogly ended, deactivating automatically.
Apr 30 19:42:52 unstable-amd64 systemd-homed[803]: moogly: changing state active → deactivating
Apr 30 19:42:52 unstable-amd64 systemd[1]: home-moogly.mount: Deactivated successfully.
Apr 30 19:42:52 unstable-amd64 systemd-homed[803]: moogly: changing state deactivating → inactive
0 root@unstable-amd64:~# cat /home/moogly.homedir/fk15lbYrZ_LgLMkvOjbBUc0wLPIXRS31In8-9hskDAUS_wIvZH94Zw 
test
0 root@unstable-amd64:~# 

Steps to reproduce the problem

as the superuser, create user:

homectl create --storage=fscrypt moogly

from a terminal, log in, create a file with cleartext:

unstable-amd64 login: moogly
Password: 
Linux unstable-amd64 6.7.12-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.7.12-1 (2024-04-24) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
moogly@unstable-amd64:~$ echo test > test.txt
moogly@unstable-amd64:~$ exit
logout

wait a minute, then as the superuser, inspect the contents of the files in /home/moogly.homedir. One of them contains test\n in the clear.

This seems related to #20857 and #20968

Additional program output to the terminal or log subsystem illustrating the issue

No response

@dkg dkg added the bug 🐛 Programming errors, that need preferential fixing label May 1, 2024
@github-actions github-actions bot added homed homed, homectl, pam_homed labels May 1, 2024

dkg commented May 1, 2024

According to homectl(1), --drop-caches defaults to true when --storage=fscrypt, so I would have expected the result to look the way that it does after a reboot:

0 root@unstable-amd64:~# cat /home/moogly.homedir/fk15lbYrZ_LgLMkvOjbBUc0wLPIXRS31In8-9hskDAUS_wIvZH94Zw 
cat: /home/moogly.homedir/fk15lbYrZ_LgLMkvOjbBUc0wLPIXRS31In8-9hskDAUS_wIvZH94Zw: Required key not available
1 root@unstable-amd64:~# 
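The two comments above show the two observable states of a file in the .homedir tree: readable plaintext (the bug) versus "Required key not available" (ENOKEY, the expected post-deactivation state). As an added check that is not part of this issue or of systemd, the script below walks a homed backing directory, classifies every regular file by that distinction, and reports whether any plaintext is still exposed; the directory path and the state names are assumptions of this example.

```python
"""Audit an fscrypt-backed homed directory after deactivation.

Added example (not systemd's code). It opens and reads one byte of every
regular file under the given directory and distinguishes three outcomes:
  READABLE: open()+read() succeeded, so plaintext is exposed (the bug above)
  LOCKED:   ENOKEY, the fscrypt key was evicted, the expected state
  OTHER:    any other failure (permissions, I/O error, vanished file)
Run it as root, e.g.: audit_homedir("/home/moogly.homedir")
"""
import errno
import os

# errno.ENOKEY is Linux-only; 126 is its Linux value, used as a fallback.
ENOKEY = getattr(errno, "ENOKEY", 126)

READABLE, LOCKED, OTHER = "readable", "locked", "error"


def classify_file(path):
    """Return READABLE, LOCKED or OTHER for one file path."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as e:
        return LOCKED if e.errno == ENOKEY else OTHER
    try:
        os.read(fd, 1)  # a locked file may also fail only at read time
    except OSError as e:
        return LOCKED if e.errno == ENOKEY else OTHER
    finally:
        os.close(fd)
    return READABLE


def audit_homedir(homedir):
    """Walk homedir; return (counts per state, list of readable paths)."""
    counts = {READABLE: 0, LOCKED: 0, OTHER: 0}
    exposed = []
    for root, _dirs, files in os.walk(homedir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # directory entries and symlinks are not file data
            state = classify_file(path)
            counts[state] += 1
            if state == READABLE:
                exposed.append(path)
    return counts, exposed


def is_opaque(homedir):
    """True only if no regular file under homedir yields plaintext."""
    counts, exposed = audit_homedir(homedir)
    return counts[READABLE] == 0 and not exposed
```

On the system in this report, `is_opaque("/home/moogly.homedir")` would return False right after logout and True after the reboot shown above.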


dkg commented May 11, 2024

Any word on this? I'm reluctant to set up any users with --storage=fscrypt if I am not convinced that the files will actually be opaque after full logout.
