by Dylan16807 4349 days ago
Which means providing a program or service that is meant to be invoked by non-root users, and will perform limited trusted behaviors on their behalf.

This is a feature request, not a security flaw. It's a pretty glaring gap that should be filled, but it's not a mistake.

1 comments

TrueCrypt GUI is designed to be invokable by non-root users. I cannot say "meant" because only TrueCrypt developers know what they actually mean with anything.

Start TrueCrypt GUI from a normal user account and TrueCrypt will attempt to self-elevate internally using a functional sudo setup. This shows a deliberate attempt by TrueCrypt to be usable by normal users. It just leaves it up to the user to set up sudo for it.

Set up sudo to require a password and TrueCrypt will get stuck on its password prompt (bug), and hence a passwordless sudo setup will be the only way to go when setting up TrueCrypt to be used by normal users or, alternatively, starting up TrueCrypt from root's account for normal users (not very practical/convenient).

With both ways, the discussed problem will be there.