VeraCrypt icon indicating copy to clipboard operation
VeraCrypt copied to clipboard

Published 20 hours ago verified publisher icon veracrypt

Add support for OpenDoas for privilege escalation

Open ComplicatedPenguin opened this issue 3 years ago • 9 comments

Desired behavior

OpenDoas support for privilege escalation

Additional information

I was trying to encrypt an external drive using VeraCrypt and i started VeraCrypt volume creation wizard, and I reached the part that I must provide password for my new encrypted VeraCrypt volume and I wrote my password and after that VeraCrypt showed an error about sudo not being available: veracrypt One possible way I suggest this may be done is implementing a checker that checks for sudo and if it finds out host system doesn't have sudo installed tries to run the same task with doas. OpenDoas GitHub repository

Your Environment

VeraCrypt version: 1.24-Update7-1

Operating system and version: Arch Linux

System type: 64-bit

ComplicatedPenguin avatar Sep 04 '21 17:09 ComplicatedPenguin

I agree with this, it would be nice if veracrypt does not depend on sudo, - but instead can also be used with e.g. doas.

766F6964 avatar Sep 16 '21 13:09 766F6964

I agree this is a nice feature to have. As an addition, symlinking sudo to doas tries to work but fails, stating "sudo: invalid option -- 'S'"

vanilladrop avatar Sep 19 '21 04:09 vanilladrop

Yes please. I just switched to doas from sudo and to my dismay I can no longer use veracrypt.

vercingetorx avatar Dec 30 '21 03:12 vercingetorx

I have started doing changes to support doas but the blocking issue is that it doesn't support reading the password from pipe. This is needed so we can send the password from VeraCrypt to the forked doas performing privileged operation.

I have found that someone who needed the same approach opened an issue on OpenDoas but it was closed because it will not be implemented (https://github.com/Duncaen/OpenDoas/issues/33).

So it seems that it will not be possible to support doas in VeraCrypt in the near future. Of course, I'm open to ideas/proposals for possible workarounds.

idrassi avatar Jan 01 '22 13:01 idrassi

Well that's a bummer. Thanks for trying.

vercingetorx avatar Jan 01 '22 15:01 vercingetorx

Running veracrypt as root is almost a work around, but the mount will be owned by it too :/

a99984b1799 avatar Oct 31 '22 23:10 a99984b1799

I found workaround can be decrypt without root.

if [ ! -f /etc/udisks2/tcrypt.conf ] ; then sudo touch /etc/udisks2/tcrypt.conf; fi

and reboot . then thunar will be able to decrypt the veracrypt volume.

Otherwise, option to use udisksctl from cui

udiskctl unlock -b /dev/sdX#

Mounting veracrypt volume

udisksctl mount -b /dev/dm-#

Tested with ArchLinux

ghost avatar Nov 27 '22 02:11 ghost

Would be solved by https://github.com/veracrypt/VeraCrypt/issues/887

TheDuchy avatar Mar 24 '23 11:03 TheDuchy

Running veracrypt as root is almost a work around, but the mount will be owned by it too :/

maybe this can be a workaround. as i mentioned in this comment, i've only tested it on openbsd https://github.com/veracrypt/VeraCrypt/issues/589#issuecomment-1872183317

withs avatar Dec 29 '23 16:12 withs