Message-ID: <ZyKf6ZSZrETI+4/S@redbud>
Date: Wed, 30 Oct 2024 16:06:49 -0500
From: Tyler Hicks <code@...icks.com>
To: Theodore Ts'o <tytso@....edu>
Cc: Arnd Bergmann <arnd@...db.de>, Matthew Wilcox <willy@...radead.org>,
	Arnd Bergmann <arnd@...nel.org>,
	Damien Le Moal <damien.lemoal@...nsource.wdc.com>,
	ecryptfs@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: ecryptfs is unmaintained and untested

On 2024-10-28 21:33:28, Theodore Ts'o wrote:
> On Mon, Oct 28, 2024 at 09:50:37PM +0000, Arnd Bergmann wrote:
> > On Mon, Oct 28, 2024, at 15:02, Matthew Wilcox wrote:
> > >
> > > This comment has been there since June 2021, so I think we can just
> > > delete ecryptfs now?
> > 
> > I have no opinion on removing ecryptfs, but I don't how possibly
> > removing it is related to the patch I sent, as far as I can tell
> > it just means it relies on both CONFIG_BLOCK and CONFIG_BUFFER_HEAD
> > then.
> > 
> > Is there any indication that the last users that had files on
> > ecryptfs are unable to update their kernels?
> 
> Debian is still shipping ecryptfs-utils and is building and including
> the ecryptfs kernel module in their distro kernel.
> 
> So it seems likely that there are probably a non-zero (although
> probably relatively small) number of ecryptfs users out there.

It would be good to discuss how we can get the message out to users to
migrate off of eCryptfs so that functionality can be reduced and
eventually it can be removed.

What do folks think about the following?

1. Print loud warnings at mount time that eCryptfs is deprecated and
   give a specific date when write support will be removed.
2. Remove write support at that date, while retaining read-only support
   to allow any lagging users to move their data to fscrypt or other
   alternatives.
3. Print loud warnings at mount that eCryptfs will be removed and give a
   specific date.
4. Remove it.

Suggestions on lead times for #2 and #4 would be appreciated.

Tyler
