Truecrypt running as sudo

December 13, 2008

Recently, I was going through the following TrueCrypt page:
http://en.gentoo-wiki.com/wiki/TrueCrypt

What is interesting to note is the recommendation to add a ‘truecrypt group’ to the sudo commands. As truecrypt needs to be run as root, I assume that people will be making this binary suid root too.

To me this does not look very secure. Unlike an NFS share, which is by default mounted with root squashing enabled, truecrypt volumes do not have any such thing. Thus, if a box has the truecrypt binary set as suid, one just needs to transfer an encrypted volume (containing a suid bash file) onto this box, mount this volume and execute this suid binary. This should give him a root shell.

Thus it is important that truecrypt should not be run as suid. This may be already known to some, but hey, I found it interesting. 🙂
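A host can be audited for both conditions described above: a setuid-root truecrypt binary, and mounted volumes that honour suid files. The script below is an added example, not part of the original post; it assumes mounted TrueCrypt volumes show up as /dev/mapper/truecryptN in the mount table, and the sample mount table in it is constructed.

```shell
#!/bin/sh
# Added example: audit for a setuid-root truecrypt binary and for
# TrueCrypt volumes mounted without the nosuid option.

# True if the given file is owned by root and has the setuid bit set.
is_setuid_root() {
    [ -n "$(find "$1" -prune -user 0 -perm -4000 2>/dev/null)" ]
}

# Read /proc/mounts-format lines on stdin and print the mount point of
# every TrueCrypt volume whose options do not include nosuid.
# Assumption: volumes appear as /dev/mapper/truecryptN.
volumes_missing_nosuid() {
    awk '$1 ~ /^\/dev\/mapper\/truecrypt[0-9]+$/ {
        safe = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "nosuid") safe = 1
        if (!safe) print $2
    }'
}

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/mapper/truecrypt1 /media/truecrypt1 ext3 rw,relatime 0 0
/dev/mapper/truecrypt2 /media/truecrypt2 vfat rw,nosuid,nodev,noexec 0 0'

# audit BINARY MOUNTS_FILE: print warnings, return 1 if anything was found.
audit() {
    status=0
    if is_setuid_root "$1"; then
        echo "WARN: $1 is setuid root"; status=1
    fi
    for mp in $(volumes_missing_nosuid < "$2"); do
        echo "WARN: $mp is mounted without nosuid"; status=1
    done
    return $status
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | volumes_missing_nosuid
```

On a live system, call `audit` with the path of the installed truecrypt binary and `/proc/mounts`.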
