Hi all,

I found a news-item on theregister.co.uk this morning relating to cryptkeeper setting the password to "p" (Yes, the single letter 'p').

For more information see the following:
https://github.com/tomm/cryptkeeper/issues/23

I myself don't use this package.

--
Joost

https://github.com/tomm/cryptkeeper/issues/23#issuecomment-276238178 "Cryptkeeper assumed that encfs -S is a stable way to manipulate encfs, which it is not."

As far as I can see the upstream encfs change that causes this behavior is not included in Gentoo?

i.e.

commit c3a7da5eff4055e77dc9404b0c15945485232bf2
Author: Ian Lee <ian.rob.lee@gmail.com>
Date: Mon Oct 31 14:38:56 2016 +0000

    Fix a segfault when password is zero length.
    if useStdin and configMode == Config_Prompt, default to Config_Standard, otherwise we might read the password input at the wrong place

git tag --contains c3a7da5eff4055e77dc9404b0c15945485232bf2

As last release (1.9.1) was in September and this was included in October.

##

As a side note, relying on an interface that isn't intended to be stable for a security-critical application is really a bad idea by cryptkeeper.

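The stdin desynchronisation discussed in the comments above, modelled as an added example (not code from cryptkeeper, encfs or this bug thread). The two `encfs_*` functions are constructed stand-ins for `encfs -S` before and after the quoted upstream commit, and it is an assumption that the wrapper answered a configuration-mode prompt with the letter `p` before sending the password.

```python
import io


def encfs_old(stdin):
    """Constructed model of -S before the change: a mode answer is read first, then the password."""
    mode = stdin.readline().rstrip("\n")
    password = stdin.readline().rstrip("\n")
    return {"mode": mode, "password": password}


def encfs_new(stdin):
    """Constructed model after the change: with stdin input the mode defaults to
    standard, so the first line on stdin is taken as the password."""
    password = stdin.readline().rstrip("\n")
    return {"mode": "standard", "password": password}


def wrapper_blind(tool, password):
    """Caller that writes a fixed script (mode letter, then password) without
    checking what the tool is actually asking for. The 'p' is an assumption."""
    return tool(io.StringIO("p\n" + password + "\n"))


def unlocks(volume, password):
    """Stand-in for trying to open the new volume with a candidate password."""
    return volume["password"] == password


def wrapper_checked(tool, password):
    """Same script, but fail closed unless the volume opens with the password
    the user chose. This catches any shift in the order of stdin reads."""
    volume = wrapper_blind(tool, password)
    if not unlocks(volume, password):
        raise RuntimeError("new volume does not open with the requested password")
    return volume


if __name__ == "__main__":
    chosen = "correct horse battery staple"  # constructed sample password
    print("old tool:", wrapper_blind(encfs_old, chosen)["password"])
    print("new tool:", wrapper_blind(encfs_new, chosen)["password"])
    try:
        wrapper_checked(encfs_new, chosen)
    except RuntimeError as err:
        print("checked wrapper refused:", err)
```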
Even though cryptkeeper in Gentoo doesn't seem to be affected yet (due to the encfs upstream patch not applied to any version *currently* in Gentoo), I suggest we follow Debian's way [1] and simply last-rite the package. An essentially unmaintained security critical package isn't exactly a good thing. [1] https://bugs.debian.org/852751
Talk of EncFS reverting the change in behavior at https://github.com/vgough/encfs/issues/280

commit 3d4e7d289aa383b32b93c5eb8a76f51fb1b07a6c
Author: Matthias Maier <tamiko@gentoo.org>
Date: Tue Jan 31 16:32:09 2017 -0600

    profiles: mask app-crypt/cryptkeeper for removal

    Dead upstream (no development since 2010) [1,2], outstanding security issue with newer encfs versions [3], outstanding Gentoo bugs [4,5].
    Mask for removal in 30 days.

    [1] https://github.com/tomm/cryptkeeper/commits/master
    [2] https://github.com/tomm/cryptkeeper/issues/
    [3] https://bugs.gentoo.org/show_bug.cgi?id=607772
    [4] https://bugs.gentoo.org/show_bug.cgi?id=448360
    [5] https://bugs.gentoo.org/show_bug.cgi?id=596832

https://www.theregister.co.uk/2017/01/31/cryptkeeper_cooked/

commit 0625e74f6445ed4dfac4c91eb92c851dbbcccd4c
Author: Michał Górny <mgorny@gentoo.org>
AuthorDate: Sun Mar 12 22:22:08 2017
Commit: Michał Górny <mgorny@gentoo.org>
CommitDate: Sun Mar 12 22:24:49 2017

    app-crypt/cryptkeeper: Remove last-rited pkg, #607772

We're done then, thanks for your cooperation.