Encrypt timestamps about securefs HOT 13 CLOSED

A critical security vulnerability has been found in securefs version 0.4.0 to 0.6.0. If you have used these version to encrypt your data, please either migrate to the newest version or some other encryption software.

from securefs.

This will impact performance a lot. Especially if we also record access time.

from securefs.

I understand that, so it should be optional and not enabled by default.
I am personally not interested in atime.

from securefs.

It is now implemented in the main branch. Enable it at creation time by the flag "--store_time". Example

securefs c data --store_time

It hasn't been extensively tested.

from securefs.

You have to build the HEAD version if you want to test this feature for now.

from securefs.

Awesome, thanks! I will try it out after the holidays.

from securefs.

Hold on for now. I'm going to make some incompatible changes to the new format.

from securefs.

It should now be stable.

from securefs.

Feedback is welcome 😊

from securefs.

It seems to work great on both local filesystems and a on top of a pCloud mount on Linux.

It does not work on an acd_cli mount however (with or without --store_time):

root@server:~# securefs create --store_time /mnt/acd/.sfs
Password:
Retype password:
terminate called after throwing an instance of 'securefs::POSIXException'
  what():  Illegal seek # pwrite
Aborted

After that I can mount it without errors, but when trying to access the mount I get "Input/output error". Not sure if this worked with older versions of either securefs or acd_cli.

from securefs.

Well, that means acd_cli does not support the necessary filesystem operations securefs needs to build on. But it is rather odd that the exception is not caught, since the create command is wrapped in a try-catch block.

from securefs.

Apparently this is a known problem with acd_cli and it's being worked on. I am mainly going to use it with pCloud anyway. Thank you very much for implementing this! Can I consider the on-disk format stable (or forward-compatible) for the foreseeable future?

from securefs.

The on-disk format with encrypted timestamps is now stable. If I want incompatible changes, I will introduce a new format that must be specified on creation.

from securefs.