search

veracrypt / VeraCrypt

Disk encryption with strong security based on TrueCrypt
https://www.veracrypt.fr
Other
6.98k stars 953 forks source link

freebsd bug veracrypt not able to create a basic file container volume #1446

Open justanotherscript opened 3 days ago

justanotherscript commented 3 days ago

Expected behavior

Changes between 1.26.7 and1.26.14 not all but to describe the error (25 August 2024) : FreeBSD: Fix privilege escalation prompts not showing up (GH #1349) Support automatic detection and mounting of ext2/3/4, exFAT, NTFS filesystems (GH #1350) Use correct Disk Utility location when "check filesystem" is ran (GH #1273)

Observed behavior

privilege escalation prompts are appearing for example when trying to create a a basic file container volume but after typing in the correct sudo password "Not enough data available" appears as error.

Steps to reproduce

creating a new veracrypt basic/ standard file container volume

Screenshots

Your Environment

1 2 3 4 5 6 7 8 9 10 11 12 13 14_sudo_promt 15_final_error_despite_correct_password

Please tell us more about your environment

VeraCrypt version: veracrypt-1.26.15 (freebsd package)

Operating system and version: FreeBSD-14.1-RELEASE

System type: 64-bit amd64

tarastella commented 2 days ago

I wonder if I am experiencing the same issue from a different angle. I'm running under FreeBSD 14.1 with veracrypt 1.26.15 installed from ports.

If I run veracrypt as a user, both GUI or text interface, and I try to mount a volume (with the correct volume and sudo passwords), I receive the message: "Error: Not enough data available".

As an example, the command line is: veracrypt --text --load-preferences --mount /home/user/volume.dsk /home/user/Documents/volume/ '--pim=0' '--keyfiles=' '--protect-hidden=no' '--slot=1'

If I run the above command with sudo, that works perfectly, ex: sudo veracrypt --text --load-preferences --mount /home/user/volume.dsk /home/user/Documents/volume/ '--pim=0' '--keyfiles=' '--protect-hidden=no' '--slot=1'

veracrypt, under the hood, invoke sudo to process the actual mount command.

I used truss and the command that fails seems to be: sudo -S -p /usr/local/bin/veracrypt --core-service

truss trace here

With the following problem: effective uid is not 0, is /usr/local/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?

I use ZFS, but the filesystem has setuid attribute activated by default

$ zfs get setuid zroot/usr
NAME       PROPERTY  VALUE   SOURCE
zroot/usr  setuid    on      default

And that is also confirmed by the fact I can run sudo in other contexts without problems. Thanks a million!

@justanotherscript can you check with truss if you have the same problem please?

P.S. Not sure mine is actually a veracrypt bug, but I can't understand what I am doing wrong.

justanotherscript commented 1 day ago

@tarastella thanks for the idea i tried the same as described above this time with the veracrypt gui port. And there the exact error is being shown except this time it doesnt even ask me for a sudo password like before, but just shows me the error "Not enough data available". Just to make it clear before you answered I installed veracrypt with "pkg install veracrypt" and now I also tried it with "cd /usr/ports/security/veracrypt/ && make install clean". I will also provide as above the screenshots of the behavior of the port package.

1 2 3 4 5 6 7 8 9 10 10_with_error 11_info

justanotherscript commented 1 day ago

I know FreeBSD might not be the biggest priority, but maybe you can take a look at it when you get a chance. Thank you in advance @idrassi

tarastella commented 1 day ago

Out of curiosity @justanotherscript, can you run through the process with sudo (if you haven't already)? Open a terminal, do "sudo veracrypt", and check if you have the same error message. Thanks

justanotherscript commented 14 hours ago

When I ran the package the whole time as root the error doesn't occurs (but the thing here that the package seems to be a more recent version than the ports version at least in this case ). In the most recent version the error should have been fixed to escalate the privileges without the need to start it from beginning with sudo.

The screenshots are from the prebuild binary package: veracrypt_starting_as_root(pkg)

error_not_appearing_run_as_root

![error_not_appearing_run_as_root](https://github.com/user-attachment

info s/assets/85b41816-f6c6-48d7-9281-1a6a576d5b0e)

tarastella commented 6 hours ago

As we're in the realm of curiosity, and to understand if my issue is the same as yours, can you please run this command as a user please?

truss -s 1024 -f -o vera.out veracrypt

and reproduce the error. Then attach here the vera.out. I wonder if you have the same problem when veracrypt under the hood calls sudo. Thanks