Author Topic: request for testers of zuluCrypt  (Read 2917 times)

Offline muungwana

  • Hero Member
  • *****
  • Posts: 6235
Re: request for testers of zuluCrypt
« Reply #30 on: November 14, 2011, 12:49:51 PM »
I don't see why removing cryptsetup will remove firefox and gimp as your image suggests, but sometimes packages create complicated dependencies and hence can be difficult to remove.

I would assume cryptsetup is tied to the installer and the installer is tied to some other package firefox and gimp depend on, and hence removing it also pulls down other packages that seem completely unrelated to it.

Keeping dependencies straight is not an easy task and the number of packages to keep track of doesn't make things easier.

The entire cryptsetup package is less than 300K. It hardly takes any space and I would suggest to just leave it and forget about it if you don't use it.

I would advise against removing it with its current dependencies. If you believe strongly about not wanting it, you can create a post and ask for its dependencies to be examined to see if it has unnecessary dependencies and if they can be removed so that only itself can be removed.
« Last Edit: November 14, 2011, 12:54:10 PM by muungwana »
.. 3 things are certain in life : death, taxes and software bloat ..
.. tell me something i don't know, something i can use as i struggle to reason with the world around me ..

pmurdia

  • Guest
Re: request for testers of zuluCrypt
« Reply #31 on: November 14, 2011, 01:22:05 PM »
Well, as of now, I guess I should go with your suggestion, which is, 'The entire cryptsetup package is less than 300K. It hardly takes any space and I would suggest to just leave it and forget about it if you don't use it.' Since, it would be okay, if I remove, it (the system) may have other complications (just a guess) as per what Synaptic is showing! So for 300k, I should not take the risk of breakage or anything related.

Offline Old-Polack

  • Administrator
  • Super Villain
  • *****
  • Posts: 11563
  • ----IOFLU----
Re: request for testers of zuluCrypt
« Reply #32 on: November 14, 2011, 01:54:08 PM »

Quote
Allow me to correct myself, truecrypt expects to be run either from root's privileged user or from a normal user with a functional sudo setup.

The first expectation should show an obvious problem: if you have multiple people on the computer who want to use it, then multiple people will have to have root's password, decreasing security. If you set up sudo for everybody to use it, then what's stopping a person from pointing it to root's partition and creating a new volume on it, effectively deleting it? Less secure in both use cases.

If anybody thinks the above amounts to spreading FUD on truecrypt then tell me and I will gladly modify my statement.


I don't see the above happening because the truecrypt users don't need the root password. Truecrypt places two lines in the /etc/sudoers file;

%truecrypt ALL=(root)  NOPASSWD:/usr/local/bin/truecrypt
ALL ALL=NOPASSWD:/bin/mount -o loop* -t iso9660* /home/*/.kisotmp/* ,/bin/umount /home/*/.kisotmp/*


To use truecrypt one only needs to be part of the truecrypt group. Clearly, no password is required to launch truecrypt, as seen in the first line. Only two other commands are needed for seamless user operation of truecrypt; that to loop mount the encrypted volume, and one to unmount the volume after use. Both are provided, again with no password needed, by the second line. Being aware of good sudo practices, truecrypt only provides for the bare minimum of very specific commands necessary to operate the application; nothing extra.

The only passwords needed are those of the encrypted volumes themselves, and they are created by the normal user, can be different for each volume encrypted, and stored in the volume itself.
Old-Polack

Of what use be there for joy, if not for the sharing thereof?



Lest we forget...
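
An added example, not part of any post in this thread and not TrueCrypt's or sudo's own code: a small Python audit of the two sudoers rules quoted in reply #32, reporting for each granted command whether it runs without a password, is open to every user, accepts any arguments, or uses wildcard arguments. The `audit` function, its flag names and the third sample rule are assumptions made for illustration; the parser handles only single-line rules without aliases.

```python
import re

# Rules 1-2 are quoted from reply #32; rule 3 is constructed for contrast.
SAMPLE = r'''
%truecrypt ALL=(root)  NOPASSWD:/usr/local/bin/truecrypt
ALL ALL=NOPASSWD:/bin/mount -o loop* -t iso9660* /home/*/.kisotmp/* ,/bin/umount /home/*/.kisotmp/*
operator ALL=(root) /sbin/shutdown -h now
'''

SPEC = re.compile(r'^(\S+)\s+([^=\s]+)\s*=\s*(?:\(([^)]*)\))?\s*(.+)$')
TAG = re.compile(r'^([A-Z_]+):\s*')


def audit(text):
    """Return (who, runas, command, flags) for every command a rule grants.

    Hypothetical helper: handles single-line user specs only, with no
    aliases, includes or line continuations.
    """
    findings = []
    for line in text.splitlines():
        line = line.strip()
        spec = SPEC.match(line)
        if not spec or line.startswith(('#', 'Defaults')):
            continue
        who, _hosts, runas, rest = spec.groups()
        runas = runas or 'root'          # sudo runs as root when no run-as is given
        nopasswd = False                 # a tag stays in force for later commands
        for item in re.split(r'(?<!\\),', rest):
            item = item.strip()
            while (tag := TAG.match(item)):
                if tag.group(1) in ('NOPASSWD', 'PASSWD'):
                    nopasswd = tag.group(1) == 'NOPASSWD'
                item = item[tag.end():]
            path, _, args = item.partition(' ')
            args = args.strip()
            flags = set()
            if nopasswd:
                flags.add('NOPASSWD')            # no password prompt at all
            if who == 'ALL':
                flags.add('every-user')          # not limited to a user or group
            if not args:
                flags.add('any-arguments')       # bare path: caller picks the arguments
            elif args != '""' and re.search(r'[*?\[]', args):
                flags.add('wildcard-arguments')  # globs match across word boundaries
            findings.append((who, runas, path, sorted(flags)))
    return findings


if __name__ == '__main__':
    for who, runas, path, flags in audit(SAMPLE):
        print(f'{who:<12} as {runas:<5} {path:<26} {", ".join(flags) or "ok"}')
```

On a live system, `sudo -l -U <user>` shows what sudo itself resolves for a given user and is the authoritative view.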

Offline muungwana

Re: request for testers of zuluCrypt
« Reply #33 on: November 14, 2011, 02:23:54 PM »

Quote
%truecrypt ALL=(root)  NOPASSWD:/usr/local/bin/truecrypt
ALL ALL=NOPASSWD:/bin/mount -o loop* -t iso9660* /home/*/.kisotmp/* ,/bin/umount /home/*/.kisotmp/*



How does this prevent a normal user in the truecrypt group from creating an encrypted volume in root's partition, borking the install in the process?

Since "/dev/" isn't in the list, I assume truecrypt can then work either with all partitions (allowing the scenario I presented above) or with none, making it useless for hard drive management.

Offline Old-Polack

Re: request for testers of zuluCrypt
« Reply #34 on: November 14, 2011, 03:55:33 PM »

Quote
%truecrypt ALL=(root)  NOPASSWD:/usr/local/bin/truecrypt
ALL ALL=NOPASSWD:/bin/mount -o loop* -t iso9660* /home/*/.kisotmp/* ,/bin/umount /home/*/.kisotmp/*




How does this prevent a normal user in the truecrypt group from creating an encrypted volume in root's partition, borking the install in the process?

Since "/dev/" isn't in the list, I assume truecrypt can then work either with all partitions (allowing the scenario I presented above) or with none, making it useless for hard drive management.


Probably this;



Your normal user doesn't have permissions to write to /root. Running truecrypt as a normal user doesn't change that.

When I try to place the volume directly in / as shown here;



truecrypt goes through the whole process, until it's time to actually create the volume, then, again, I get this;



My normal user, again, has no write permissions for /.
« Last Edit: November 14, 2011, 04:18:01 PM by old-polack »

Offline muungwana

Re: request for testers of zuluCrypt
« Reply #35 on: November 14, 2011, 04:23:41 PM »

Use the normal device node addresses, those that start with "/dev/". If your root's partition is at "/dev/sda4" then use that address.

I get an error here saying it cannot create volumes in system partitions in Linux, it can only do that in Windows.

I tried to see if I could create a volume on my home partition and it failed because it attempted to unmount it and couldn't because the partition is in use.

You are using it wrong and that's why you are getting those error msgs.

Offline muungwana

Re: request for testers of zuluCrypt
« Reply #36 on: November 14, 2011, 04:28:51 PM »
Quote
Your normal user doesn't have permissions to write to /root. Running truecrypt as a normal user doesn't change that.

truecrypt attempts to elevate when it tries to do something that requires root's privileges, and if it is run from a normal user, it will ask the user for their password because it expects a functional sudo setup.

As far as truecrypt is concerned, you cannot call a user a "normal" user when they are a part of the truecrypt group with config options like the ones you have, because truecrypt will then silently elevate every time it needs to. If a user is already a part of the truecrypt group, they will not get a "permission denied" error for lack of necessary privileges and hence cannot still be considered "normal" users.

Offline Old-Polack

Re: request for testers of zuluCrypt
« Reply #37 on: November 14, 2011, 04:40:27 PM »
Quote
Your normal user doesn't have permissions to write to /root. Running truecrypt as a normal user doesn't change that.

truecrypt attempts to elevate when it tries to do something that requires root's privileges, and if it is run from a normal user, it will ask the user for their password because it expects a functional sudo setup.

As far as truecrypt is concerned, you cannot call a user a "normal" user when they are a part of the truecrypt group with config options like the ones you have, because truecrypt will then silently elevate every time it needs to. If a user is already a part of the truecrypt group, they will not get a "permission denied" error for lack of necessary privileges and hence cannot still be considered "normal" users.

I am a member of the truecrypt group, as my normal user, and can create volumes wherever I have write permissions as such. I've used truecrypt as a normal user for as long as there has been a Linux version of truecrypt. Never have I seen the escalations you describe.


Offline muungwana

Re: request for testers of zuluCrypt
« Reply #38 on: November 14, 2011, 04:53:59 PM »

Quote
I am a member of the truecrypt group, as my normal user, and can create volumes wherever I have write permissions as such. I've used truecrypt as a normal user for as long as there has been a Linux version of truecrypt. Never have I seen the escalations you describe.


You don't need root's privileges to create volumes that reside in areas you have write access to, but you will need root's privileges to open them because mapper device addresses are created at "/dev/mapper" and you need root's privileges to write to "/dev".

Try this: rename your "/etc/sudoers" file and then attempt to open a truecrypt volume. You will be prompted for a password and no password you present will work, because truecrypt will attempt to use sudo to elevate its privileges and it will always fail because of a non-functional sudo.

If you are a member of the truecrypt group, with the sudo setup you have, then truecrypt will run with root's privileges every time it needs those privileges. It will elevate silently and you can no longer say you are running it as a normal user, because you aren't.

Don't have a sudoers file and try to open a truecrypt volume from your normal account and tell us what happens. This is the only way you will be 100% sure truecrypt is running with your own privileges and not anybody else's.

Offline Old-Polack

Re: request for testers of zuluCrypt
« Reply #39 on: November 15, 2011, 02:43:41 PM »

Quote
I am a member of the truecrypt group, as my normal user, and can create volumes wherever I have write permissions as such. I've used truecrypt as a normal user for as long as there has been a Linux version of truecrypt. Never have I seen the escalations you describe.


You don't need root's privileges to create volumes that reside in areas you have write access to, but you will need root's privileges to open them because mapper device addresses are created at "/dev/mapper" and you need root's privileges to write to "/dev".

Try this: rename your "/etc/sudoers" file and then attempt to open a truecrypt volume. You will be prompted for a password and no password you present will work, because truecrypt will attempt to use sudo to elevate its privileges and it will always fail because of a non-functional sudo.

If you are a member of the truecrypt group, with the sudo setup you have, then truecrypt will run with root's privileges every time it needs those privileges. It will elevate silently and you can no longer say you are running it as a normal user, because you aren't.

Don't have a sudoers file and try to open a truecrypt volume from your normal account and tell us what happens. This is the only way you will be 100% sure truecrypt is running with your own privileges and not anybody else's.

I see you still don't grasp the concept of sudo when it's used properly. Your normal user doesn't get privileges elevated arbitrarily through sudo. Each specific command needed to run truecrypt as a normal user, transparently, is set up in sudo, and only those commands are run with root privileges, not by the user directly, but through truecrypt; in this case the ability to mount and unmount truecrypt volumes, and only those for which the volume passwords are known. This is not blanket root privileges that can be escalated.

Mount and umount are activities reserved to root. When you use Dolphin to mount a partition as a normal user, it ends up in /media/<something>, without needing a root password, because hal-mount (or dev-mount) does something similar, treating it as if it were a removable device. Are you worried about privilege escalation here?

When you set up fstab to allow user mounting of optical devices, floppy disks, zip drives, or data partitions, root is needed initially, to do this. Root can simply say, "I give this right, to mount and unmount, to normal users for these specific volumes." Once set up, normal users can mount and unmount the specified volumes, without having to su to root or entering a root password. Are you worried about privilege escalation from fstab?

Sudo, in this case, uses the same principle; root transfers the specific right, to a normal user in the truecrypt group, for the mounting of truecrypt volumes, through truecrypt, which are items not to be found in fstab. There is no more danger of privilege escalation than there is from a properly set up fstab.

I also have, in my /etc/sudoers file, this line;

polack          ALL=(ALL)  NOPASSWD:/bin/mount,/bin/umount

I don't use that to enter sudo mount <something> <somewhere> in terminals, in a willy-nilly manner. It's necessary to run these two aliases;

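Code:
# Loop-mount the single .iso image in the current directory and browse it.
# (cl is another alias that is not defined on this page.)
alias imnt='mkdir ~/Desktop/iso && sudo mount -o loop *.[iI][sS][oO] ~/Desktop/iso && konqueror ~/Desktop/iso && cl'

# Unmount the image and remove the mountpoint directory.
alias umnt='sudo umount ~/Desktop/iso && rmdir ~/Desktop/iso'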

With four letters, imnt, I can loop mount any .iso image on a newly created, specific mountpoint directory, and view its contents in the konqueror file manager that is then opened. I use this a lot for setting up liveHDD versions of all the various PCLinuxOS releases. The alias only works from within the actual directory holding the single .iso image.

When done, another four letters, umnt, unmounts the image and deletes the mountpoint directory from my desktop. This alias can be used from any terminal, at any location, but usually the one from which the first was entered.

Offline muungwana

Re: request for testers of zuluCrypt
« Reply #40 on: November 15, 2011, 03:58:54 PM »
I don't see you disagreeing with me or with my understanding of sudo; I think we both have the same understanding.

I saw your comment as elaborating on one of my points, and I wrote mine primarily because I thought you got wrong and misleading error messages and you were writing from them, and I was just trying to explain to you that those error msgs have nothing to do with privileges.

There are features of truecrypt that need root privileges to work properly and they will simply fail to work if truecrypt fails to get them.

I think we can both agree with the above.

Now. How do these features get those privileges?

You can:
1. Start truecrypt with root's privileges from the start using something like: su -c truecrypt

2. Set up sudo and let truecrypt use it to elevate its privileges. It will do that silently if the "NOPASSWD" directive is included in the sudoers file or will prompt if it isn't.

I think we can both agree with the above.

If you go with the first alternative, then you need root's password; if you go with the latter, then you don't.

I think we can both agree with the above.

I presented both alternatives with my explanation of truecrypt and how it gets privileges it needs to work as expected.

You came in and said "you don't need root's password" and went on to expand on the second point.

Initially I saw your post as elaborating on your choice of using truecrypt, choice number two, which does not need root's password.

And then you put that comment with pictures where you were getting permission denied errors, and your reasons for getting those errors were not correct and I responded to that error.

I assume you thought you were getting those errors from code in truecrypt that is not elevated.

I assume those error messages came from code in truecrypt that runs elevated. This means truecrypt already elevated and hence your reasoning for getting those error msgs is not correct.

Your reasons were:
"My normal user, again, has no write permissions for /."

"Your normal user doesn't have permissions to write to /root. Running truecrypt as a normal user doesn't change that."

Simple test, remove your sudoers file and restart truecrypt and repeat the same steps and see if you will get the password prompt before those error msgs.

Two different assumptions that lead to what amounts to a distraction.

A valid answer you could have given, I found out today, is that truecrypt attempts to unmount a partition it tries to create a volume in, and since you cannot unmount a root partition while the system is running, you cannot create a volume in root's partition and hence my scenario doesn't work, and one way to give users permissions to use truecrypt with sudo while protecting the system from users abusing truecrypt and corrupting partitions is to mount them at boot time.
« Last Edit: November 15, 2011, 04:47:35 PM by muungwana »