|
|
|
|
|
|
by Dylan16807
4349 days ago
|
|
|
Nevermind, I tested myself and properly read the post[1] after getting some sleep. Truecrypt does need root and he gave sudo rights for it. Otherwise it asks for a suitable password when used to mount. So this isn't a security flaw, this is a feature request for non-root mounting. Except you can already use FUSE so I'm not sure what the complaint is at all. Don't let people run commands as root that weren't designed for it. Sorry about the noise. [1] http://vinicius777.github.io/blog/2014/07/14/truecrypt-privi... |
|
|
You need root privileges to gain access to kernel cryto and other kernel managed resources.
For a project to be usable to normal users,it need to be assessable to normal users and hence it need to walk a fine line between being privileged and being not privileged as it need to exist on both side of the fence.
As far as TrueCrypt is concerned,any person who sets up TrueCrypt for somebody else to use end up setting up passwordless sudo for it and this opens up the discussed problem.It is a security issue in a sense that TrueCrypt does not take into account its privileged position when it interfaces with mount command.You can nitpick on the passwordless sudo part but one way or the other,TrueCrypt expect to be run privileged and sudo is the easiest path but pick any other method you prefer.
FUSE will give you a workaround as far as mounting is concerned but you will still need root privileges when invoking kernel crypto or other kernel managed infrastructure. FUSE also solves a mounting problem but a different one.
There are 3 different "techniques" that can be used to allow a normal user to do mounting operations and i discussed them here[1] as the first FAQ entry.
This will be a security issue if it happened to udisks or anybody else i know.Maybe linux users of TrueCrypt are a completely different audience when it comes to this kind of privilege separation issues.
[1] https://code.google.com/p/zulucrypt/wiki/FAQ