diff options
Diffstat (limited to 'src/Core')
41 files changed, 307 insertions, 109 deletions
diff --git a/src/Core/Core.h b/src/Core/Core.h index b9e53021..b2573cd4 100644 --- a/src/Core/Core.h +++ b/src/Core/Core.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/CoreBase.cpp b/src/Core/CoreBase.cpp index 0c6d5c9e..d2dbd6d7 100644 --- a/src/Core/CoreBase.cpp +++ b/src/Core/CoreBase.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -22,8 +22,11 @@ namespace VeraCrypt : DeviceChangeInProgress (false) #if defined(TC_LINUX ) || defined (TC_FREEBSD) , UseDummySudoPassword (false) #endif +#if defined(TC_UNIX) + ,AllowInsecureMount (false) +#endif { } CoreBase::~CoreBase () diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index 7f830336..e4ff0a94 100644 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -79,8 +79,18 @@ namespace VeraCrypt virtual void WipePasswordCache () const = 0; virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;} virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;} +#if defined(TC_UNIX) + virtual bool IsProtectedSystemDirectory (const DirectoryPath &directory) const = 0; + virtual bool IsDirectoryOnUserPath(const DirectoryPath &directory) const = 0; + virtual void SetAllowInsecureMount (bool allowInsecureMount) { AllowInsecureMount = allowInsecureMount; } + virtual bool GetAllowInsecureMount () const { return AllowInsecureMount; } +#endif + + virtual void SetUserEnvPATH (const string &path) { UserEnvPATH = path; } + virtual string GetUserEnvPATH () const { return UserEnvPATH; } + Event VolumeDismountedEvent; Event VolumeMountedEvent; Event WarningEvent; @@ -88,10 +98,15 @@ namespace VeraCrypt CoreBase (); bool DeviceChangeInProgress; FilePath ApplicationExecutablePath; + string UserEnvPATH; bool UseDummySudoPassword; +#if defined(TC_UNIX) + bool AllowInsecureMount; +#endif + private: CoreBase (const CoreBase &); CoreBase &operator= (const CoreBase &); }; diff --git a/src/Core/CoreException.cpp b/src/Core/CoreException.cpp index 9284d714..a8123917 100644 --- a/src/Core/CoreException.cpp +++ b/src/Core/CoreException.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/CoreException.h b/src/Core/CoreException.h index 8eab1b8e..b2e6b0a1 100644 --- a/src/Core/CoreException.h +++ b/src/Core/CoreException.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/FatFormatter.cpp b/src/Core/FatFormatter.cpp index c8115f9b..0d29c33d 100644 --- a/src/Core/FatFormatter.cpp +++ b/src/Core/FatFormatter.cpp @@ -5,9 +5,9 @@ governed by the TrueCrypt License 3.0, also from the source code of Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux and which is governed by the 'License Agreement for Encryption for the Masses' Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/FatFormatter.h b/src/Core/FatFormatter.h index 17f4dd39..1a7de26d 100644 --- a/src/Core/FatFormatter.h +++ b/src/Core/FatFormatter.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/HostDevice.cpp b/src/Core/HostDevice.cpp index f48d84d7..4b9f8f2f 100644 --- a/src/Core/HostDevice.cpp +++ b/src/Core/HostDevice.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/HostDevice.h b/src/Core/HostDevice.h index 48adf32a..93779281 100644 --- a/src/Core/HostDevice.h +++ b/src/Core/HostDevice.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/MountOptions.cpp b/src/Core/MountOptions.cpp index 2f28c089..6228d3cf 100644 --- a/src/Core/MountOptions.cpp +++ b/src/Core/MountOptions.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/MountOptions.h b/src/Core/MountOptions.h index 3dcfa599..449ccbae 100644 --- a/src/Core/MountOptions.h +++ b/src/Core/MountOptions.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/RandomNumberGenerator.cpp b/src/Core/RandomNumberGenerator.cpp index b60b4eed..781d951e 100644 --- a/src/Core/RandomNumberGenerator.cpp +++ b/src/Core/RandomNumberGenerator.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/RandomNumberGenerator.h b/src/Core/RandomNumberGenerator.h index 333a8e36..5fd769a7 100644 --- a/src/Core/RandomNumberGenerator.h +++ b/src/Core/RandomNumberGenerator.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index e4b75dd3..dc2f4e6b 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -98,8 +98,13 @@ namespace VeraCrypt while (true) { shared_ptr <CoreServiceRequest> request = Serializable::DeserializeNew <CoreServiceRequest> (inputStream); + // Update Core properties based on the received request + Core->SetUserEnvPATH (request->UserEnvPATH); + Core->ForceUseDummySudoPassword(request->UseDummySudoPassword); + Core->SetAllowInsecureMount(request->AllowInsecureMount); + try { // ExitRequest if (dynamic_cast <ExitRequest*> (request.get()) != nullptr) @@ -282,26 +287,36 @@ namespace VeraCrypt { static Mutex mutex; ScopeLock lock (mutex); + // Copy Core properties to the request so that they can be transferred to the elevated process + request.ApplicationExecutablePath = Core->GetApplicationExecutablePath(); + request.UserEnvPATH = Core->GetUserEnvPATH(); + request.UseDummySudoPassword = Core->GetUseDummySudoPassword(); + request.AllowInsecureMount = Core->GetAllowInsecureMount(); + if (request.RequiresElevation()) { request.ElevateUserPrivileges = true; request.FastElevation = !ElevatedServiceAvailable; - request.ApplicationExecutablePath = Core->GetApplicationExecutablePath(); - + while (!ElevatedServiceAvailable) { // Test if the user has an active "sudo" session. bool authCheckDone = false; if (!Core->GetUseDummySudoPassword ()) { - // sudo man page: "If the -l option was specified without a command, sudo, will exit - // with a value of 0 if the user is allowed to run sudo, and they authenticated successfully" // We are using -n to avoid prompting the user for a password. // We are redirecting stderr to stdout and discarding both to avoid any output. // This approach also works on newer macOS versions (12.0 and later). - FILE* pipe = popen("sudo -n -l > /dev/null 2>&1", "r"); // redirect stderr to stdout and discard both. + std::string errorMsg; + + string sudoAbsolutePath = Process::FindSystemBinary("sudo", errorMsg); + if (sudoAbsolutePath.empty()) + throw SystemException(SRC_POS, errorMsg); + + std::string popenCommand = sudoAbsolutePath + " -n true > /dev/null 2>&1"; // We redirect stderr to stdout (2>&1) to be able to catch the result of the command + FILE* pipe = popen(popenCommand.c_str(), "r"); if (pipe) { // We only care about the exit code char buf[128]; @@ -395,17 +410,28 @@ namespace VeraCrypt try { try { + // Throw exception if sudo is not found in secure locations + std::string errorMsg; + string sudoPath = Process::FindSystemBinary("sudo", errorMsg); + if (sudoPath.empty()) + throw SystemException(SRC_POS, errorMsg); + + string appPath = request.ApplicationExecutablePath; + // if appPath is empty or not absolute, use FindSystemBinary to get the full path of veracrpyt executable + if (appPath.empty() || appPath[0] != '/') + { + appPath = Process::FindSystemBinary("veracrypt", errorMsg); + if (appPath.empty()) + throw SystemException(SRC_POS, errorMsg); + } + throw_sys_if (dup2 (inPipe->GetReadFD(), STDIN_FILENO) == -1); throw_sys_if (dup2 (outPipe->GetWriteFD(), STDOUT_FILENO) == -1); throw_sys_if (dup2 (errPipe.GetWriteFD(), STDERR_FILENO) == -1); - string appPath = request.ApplicationExecutablePath; - if (appPath.empty()) - appPath = "veracrypt"; - - const char *args[] = { "sudo", "-S", "-p", "", appPath.c_str(), TC_CORE_SERVICE_CMDLINE_OPTION, nullptr }; + const char *args[] = { sudoPath.c_str(), "-S", "-p", "", appPath.c_str(), TC_CORE_SERVICE_CMDLINE_OPTION, nullptr }; execvp (args[0], ((char* const*) args)); throw SystemException (SRC_POS, args[0]); } catch (Exception &) diff --git a/src/Core/Unix/CoreService.h b/src/Core/Unix/CoreService.h index dfb8b350..5c43f0ed 100644 --- a/src/Core/Unix/CoreService.h +++ b/src/Core/Unix/CoreService.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/CoreServiceProxy.h b/src/Core/Unix/CoreServiceProxy.h index d57d8163..896df3e6 100644 --- a/src/Core/Unix/CoreServiceProxy.h +++ b/src/Core/Unix/CoreServiceProxy.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/CoreServiceRequest.cpp b/src/Core/Unix/CoreServiceRequest.cpp index 98101ba4..14e2ec28 100644 --- a/src/Core/Unix/CoreServiceRequest.cpp +++ b/src/Core/Unix/CoreServiceRequest.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -22,8 +22,11 @@ namespace VeraCrypt sr.Deserialize ("AdminPassword", AdminPassword); ApplicationExecutablePath = sr.DeserializeWString ("ApplicationExecutablePath"); sr.Deserialize ("ElevateUserPrivileges", ElevateUserPrivileges); sr.Deserialize ("FastElevation", FastElevation); + sr.Deserialize ("UserEnvPATH", UserEnvPATH); + sr.Deserialize ("UseDummySudoPassword", UseDummySudoPassword); + sr.Deserialize ("AllowInsecureMount", AllowInsecureMount); } void CoreServiceRequest::Serialize (shared_ptr <Stream> stream) const { @@ -32,8 +35,11 @@ namespace VeraCrypt sr.Serialize ("AdminPassword", AdminPassword); sr.Serialize ("ApplicationExecutablePath", wstring (ApplicationExecutablePath)); sr.Serialize ("ElevateUserPrivileges", ElevateUserPrivileges); sr.Serialize ("FastElevation", FastElevation); + sr.Serialize ("UserEnvPATH", UserEnvPATH); + sr.Serialize ("UseDummySudoPassword", UseDummySudoPassword); + sr.Serialize ("AllowInsecureMount", AllowInsecureMount); } // CheckFilesystemRequest void CheckFilesystemRequest::Deserialize (shared_ptr <Stream> stream) diff --git a/src/Core/Unix/CoreServiceRequest.h b/src/Core/Unix/CoreServiceRequest.h index 5b12cc11..77778ca2 100644 --- a/src/Core/Unix/CoreServiceRequest.h +++ b/src/Core/Unix/CoreServiceRequest.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -19,17 +19,20 @@ namespace VeraCrypt { struct CoreServiceRequest : public Serializable { - CoreServiceRequest () : ElevateUserPrivileges (false), FastElevation (false) { } + CoreServiceRequest () : ElevateUserPrivileges (false), FastElevation (false), UseDummySudoPassword (false), AllowInsecureMount (false) { } TC_SERIALIZABLE (CoreServiceRequest); virtual bool RequiresElevation () const { return false; } string AdminPassword; FilePath ApplicationExecutablePath; bool ElevateUserPrivileges; bool FastElevation; + string UserEnvPATH; + bool UseDummySudoPassword; + bool AllowInsecureMount; }; struct CheckFilesystemRequest : CoreServiceRequest { diff --git a/src/Core/Unix/CoreServiceResponse.cpp b/src/Core/Unix/CoreServiceResponse.cpp index b53b8a30..1eb0af3f 100644 --- a/src/Core/Unix/CoreServiceResponse.cpp +++ b/src/Core/Unix/CoreServiceResponse.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/CoreServiceResponse.h b/src/Core/Unix/CoreServiceResponse.h index 1f4c675e..91a2483b 100644 --- a/src/Core/Unix/CoreServiceResponse.h +++ b/src/Core/Unix/CoreServiceResponse.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/CoreUnix.cpp b/src/Core/Unix/CoreUnix.cpp index 1868eb6d..1f2d3125 100644 --- a/src/Core/Unix/CoreUnix.cpp +++ b/src/Core/Unix/CoreUnix.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -28,8 +28,43 @@ namespace VeraCrypt static string GetTmpUser (); static bool SamePath (const string& path1, const string& path2); #endif + // Struct to hold terminal emulator information + struct TerminalInfo { + const char* name; + const char** args; + const char** dependency_path; + }; + + // Popular terminal emulators data and arguments + static const char* xterm_args[] = {"-T", "fsck", "-e", NULL}; + + static const char* gnome_args[] = {"--title", "fsck", "--", "sh", "-c", NULL}; + static const char* gnome_deps[] = {"dbus-launch", NULL}; + + static const char* konsole_args[] = {"--hold", "-p", "tabtitle=fsck", "-e", "sh", "-c", NULL}; + static const char* xfce4_args[] = {"--title=fsck", "-x", "sh", "-c", NULL}; + static const char* mate_args[] = {"--title", "fsck", "--", "sh", "-c", NULL}; + static const char* lxterminal_args[] = {"--title=fsck", "-e", "sh", "-c", NULL}; + static const char* terminator_args[] = {"-T", "fsck", "-x", "sh", "-c", NULL}; + static const char* urxvt_args[] = {"-title", "fsck", "-e", "sh", "-c", NULL}; + static const char* st_args[] = {"-t", "fsck", "-e", "sh", "-c", NULL}; + + // List of popular terminal emulators + static const TerminalInfo TERMINALS[] = { + {"xterm", xterm_args, NULL}, + {"gnome-terminal", gnome_args, gnome_deps}, + {"konsole", konsole_args, NULL}, + {"xfce4-terminal", xfce4_args, NULL}, + {"mate-terminal", mate_args, NULL}, + {"lxterminal", lxterminal_args, NULL}, + {"terminator", terminator_args, NULL}, + {"urxvt", urxvt_args, NULL}, + {"st", st_args, NULL}, + {NULL, NULL, NULL} + }; + CoreUnix::CoreUnix () { signal (SIGPIPE, SIG_IGN); @@ -46,16 +81,18 @@ namespace VeraCrypt { if (!mountedVolume->MountPoint.IsEmpty()) DismountFilesystem (mountedVolume->MountPoint, false); - list <string> args; - - args.push_back ("-T"); - args.push_back ("fsck"); + // Find system fsck first + std::string errorMsg; + std::string fsckPath = Process::FindSystemBinary("fsck", errorMsg); + if (fsckPath.empty()) { + throw SystemException(SRC_POS, errorMsg); + } - args.push_back ("-e"); + list <string> args; - string xargs = "fsck "; + string xargs = fsckPath + " "; // Use absolute fsck path #ifdef TC_LINUX if (!repair) xargs += "-n "; @@ -63,51 +100,50 @@ namespace VeraCrypt xargs += "-r "; #endif xargs += string (mountedVolume->VirtualDevice) + "; echo '[Done]'; read W"; - args.push_back (xargs); + // Try each terminal + for (const TerminalInfo* term = TERMINALS; term->name != NULL; ++term) { + errno = 0; + std::string termPath = Process::FindSystemBinary(term->name, errorMsg); + if (termPath.length() > 0) { + // check dependencies + if (term->dependency_path) { + bool depFound = true; + for (const char** dep = term->dependency_path; *dep != NULL; ++dep) { + string depPath = Process::FindSystemBinary(*dep, errorMsg); + if (depPath.empty()) { + depFound = false; + break; + } + } - try - { - Process::Execute ("xterm", args, 1000); - } catch (TimeOut&) { } -#ifdef TC_LINUX - catch (SystemException&) - { - // xterm not available. Try with KDE konsole if it exists - struct stat sb; - if (stat("/usr/bin/konsole", &sb) == 0) - { - args.clear (); - args.push_back ("-p"); - args.push_back ("tabtitle=fsck"); - args.push_back ("-e"); - args.push_back ("sh"); - args.push_back ("-c"); - args.push_back (xargs); - try - { - Process::Execute ("konsole", args, 1000); - } catch (TimeOut&) { } - } - else if (stat("/usr/bin/gnome-terminal", &sb) == 0 && stat("/usr/bin/dbus-launch", &sb) == 0) - { - args.clear (); - args.push_back ("--title"); - args.push_back ("fsck"); - args.push_back ("--"); - args.push_back ("sh"); - args.push_back ("-c"); - args.push_back (xargs); - try - { - Process::Execute ("gnome-terminal", args, 1000); - } catch (TimeOut&) { } + if (!depFound) { + continue; // dependency not found, skip + } + } + + // Build args + std::list<std::string> args; + for (const char** arg = term->args; *arg != NULL; ++arg) { + args.push_back(*arg); + } + args.push_back(xargs); + + try { + Process::Execute (termPath, args, 1000); + return; + } + catch (TimeOut&) { + return; + } + catch (SystemException&) { + // Continue to next terminal + } } - else - throw TerminalNotFound(); } -#endif + + throw TerminalNotFound(); } void CoreUnix::DismountFilesystem (const DirectoryPath &mountPoint, bool force) const { @@ -559,8 +595,19 @@ namespace VeraCrypt if (IsVolumeMounted (*options.Path)) throw VolumeAlreadyMounted (SRC_POS); + if (options.MountPoint && !options.MountPoint->IsEmpty()) + { + // Reject if the mount point is a system directory + if (IsProtectedSystemDirectory(*options.MountPoint)) + throw MountPointBlocked (SRC_POS); + + // Reject if the mount point is in the user's PATH and the user has not explicitly allowed insecure mount points + if (!GetAllowInsecureMount() && IsDirectoryOnUserPath(*options.MountPoint)) + throw MountPointNotAllowed (SRC_POS); + } + Cipher::EnableHwSupport (!options.NoHardwareCrypto); shared_ptr <Volume> volume; @@ -791,5 +838,101 @@ namespace VeraCrypt stringstream s; s << GetDefaultMountPointPrefix() << slotNumber; return s.str(); } + + bool CoreUnix::IsProtectedSystemDirectory (const DirectoryPath &directory) const + { + static const char* systemDirs[] = { + "/usr", + "/bin", + "/sbin", + "/lib", +#ifdef TC_LINUX + "/lib32", + "/lib64", + "/libx32", +#endif + "/etc", + "/boot", + "/root", + "/proc", + "/sys", + "/dev", + NULL + }; + + // Resolve any symlinks in the path + string path(directory); + char* resolvedPathCStr = realpath(path.c_str(), NULL); + if (resolvedPathCStr) + { + path = resolvedPathCStr; + free(resolvedPathCStr); // Free the allocated memory + } + + // reject of the path is the root directory "/" + if (path == "/") + return true; + + // Check if resolved path matches any system directory + for (int i = 0; systemDirs[i] != NULL; ++i) + { + if (path == systemDirs[i] || path.find(string(systemDirs[i]) + "/") == 0) + return true; + } + + return false; + } + + bool CoreUnix::IsDirectoryOnUserPath(const DirectoryPath &directory) const + { + // Obtain the PATH environment variable + const char* pathEnv = UserEnvPATH.c_str(); + if (!pathEnv[0]) + return false; + + // Resolve the given directory + string dirPath(directory); + char* resolvedDir = realpath(dirPath.c_str(), NULL); + if (resolvedDir) + { + dirPath = resolvedDir; + free(resolvedDir); + } + + // Split PATH and compare each entry + stringstream ss(pathEnv); + string token; + while (getline(ss, token, ':')) + { + // remove any trailing slashes from the token + while (!token.empty() && token.back() == '/') + token.pop_back(); + + if (token.empty()) + continue; + + // check if the directory is the same as the entry or a subdirectory + if (dirPath == token || dirPath.find(token + "/") == 0) + return true; + + // handle the case where the PATH entry is a symlink + char* resolvedEntry = realpath(token.c_str(), NULL); + if (!resolvedEntry) + continue; // skip to the next entry since the path does not exist + + string entryPath(resolvedEntry); + free(resolvedEntry); + + // remove any trailing slashes from the token + while (!entryPath.empty() && entryPath.back() == '/') + entryPath.pop_back(); + + // perform check again if the resolved path is different from the original (symlink) + if (dirPath == entryPath || dirPath.find(entryPath + "/") == 0) + return true; + } + + return false; + } } diff --git a/src/Core/Unix/CoreUnix.h b/src/Core/Unix/CoreUnix.h index 586d4df3..ae26bf0a 100644 --- a/src/Core/Unix/CoreUnix.h +++ b/src/Core/Unix/CoreUnix.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -47,8 +47,10 @@ namespace VeraCrypt virtual shared_ptr <VolumeInfo> MountVolume (MountOptions &options); virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const; virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const; virtual void WipePasswordCache () const { throw NotApplicable (SRC_POS); } + virtual bool IsProtectedSystemDirectory (const DirectoryPath &directory) const; + virtual bool IsDirectoryOnUserPath(const DirectoryPath &directory) const; protected: virtual DevicePath AttachFileToLoopDevice (const FilePath &filePath, bool readOnly) const { throw NotApplicable (SRC_POS); } virtual void DetachLoopDevice (const DevicePath &devicePath) const { throw NotApplicable (SRC_POS); } diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp index 05520274..8f5b8048 100644 --- a/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp +++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -45,9 +45,9 @@ namespace VeraCrypt args.push_back ("-f"); args.push_back (filePath); - string dev = StringConverter::Trim (Process::Execute ("mdconfig", args)); + string dev = StringConverter::Trim (Process::Execute ("/sbin/mdconfig", args)); if (dev.find ("/") == string::npos) dev = string ("/dev/") + dev; @@ -64,9 +64,9 @@ namespace VeraCrypt for (int t = 0; true; t++) { try { - Process::Execute ("mdconfig", args); + Process::Execute ("/sbin/mdconfig", args); break; } catch (ExecutedProcessFailed&) { diff --git a/src/Core/Unix/FreeBSD/CoreFreeBSD.h b/src/Core/Unix/FreeBSD/CoreFreeBSD.h index 453f6440..5510aa2c 100644 --- a/src/Core/Unix/FreeBSD/CoreFreeBSD.h +++ b/src/Core/Unix/FreeBSD/CoreFreeBSD.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/FreeBSD/System.h b/src/Core/Unix/FreeBSD/System.h index b5e28f31..63f68aae 100644 --- a/src/Core/Unix/FreeBSD/System.h +++ b/src/Core/Unix/FreeBSD/System.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/Linux/CoreLinux.cpp b/src/Core/Unix/Linux/CoreLinux.cpp index cd4be80f..77ec874a 100644 --- a/src/Core/Unix/Linux/CoreLinux.cpp +++ b/src/Core/Unix/Linux/CoreLinux.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/Linux/CoreLinux.h b/src/Core/Unix/Linux/CoreLinux.h index 9af801ec..b851fc27 100644 --- a/src/Core/Unix/Linux/CoreLinux.h +++ b/src/Core/Unix/Linux/CoreLinux.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/Linux/System.h b/src/Core/Unix/Linux/System.h index 0ec1daf0..c98bfd0a 100644 --- a/src/Core/Unix/Linux/System.h +++ b/src/Core/Unix/Linux/System.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.cpp b/src/Core/Unix/MacOSX/CoreMacOSX.cpp index cfd34072..df8a40e2 100644 --- a/src/Core/Unix/MacOSX/CoreMacOSX.cpp +++ b/src/Core/Unix/MacOSX/CoreMacOSX.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -46,9 +46,9 @@ namespace VeraCrypt args.push_back ("-force"); try { - Process::Execute ("hdiutil", args); + Process::Execute ("/usr/bin/hdiutil", args); } catch (ExecutedProcessFailed &e) { if (!ignoreOpenFiles) @@ -83,9 +83,9 @@ namespace VeraCrypt for (int t = 0; true; t++) { try { - Process::Execute ("umount", args); + Process::Execute ("/sbin/umount", args); break; } catch (ExecutedProcessFailed&) { @@ -113,9 +113,9 @@ namespace VeraCrypt args.push_back ("/Applications/Utilities/Disk Utility.app"); else args.push_back ("/System/Applications/Utilities/Disk Utility.app"); - Process::Execute ("open", args); + Process::Execute ("/usr/bin/open", args); } void CoreMacOSX::MountAuxVolumeImage (const DirectoryPath &auxMountPoint, const MountOptions &options) const { @@ -189,9 +189,9 @@ namespace VeraCrypt while (true) { try { - xml = Process::Execute ("hdiutil", args); + xml = Process::Execute ("/usr/bin/hdiutil", args); break; } catch (ExecutedProcessFailed &e) { @@ -232,9 +232,9 @@ namespace VeraCrypt args.push_back ("detach"); args.push_back (volImage); args.push_back ("-force"); - Process::Execute ("hdiutil", args); + Process::Execute ("/usr/bin/hdiutil", args); } catch (ExecutedProcessFailed&) { } throw; } diff --git a/src/Core/Unix/MacOSX/CoreMacOSX.h b/src/Core/Unix/MacOSX/CoreMacOSX.h index d2c70a87..da905708 100644 --- a/src/Core/Unix/MacOSX/CoreMacOSX.h +++ b/src/Core/Unix/MacOSX/CoreMacOSX.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/MacOSX/System.h b/src/Core/Unix/MacOSX/System.h index d187877f..af286829 100644 --- a/src/Core/Unix/MacOSX/System.h +++ b/src/Core/Unix/MacOSX/System.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/MountedFilesystem.h b/src/Core/Unix/MountedFilesystem.h index 3f6bd3e2..de9bc138 100644 --- a/src/Core/Unix/MountedFilesystem.h +++ b/src/Core/Unix/MountedFilesystem.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp index 3064103b..161d4a79 100644 --- a/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.cpp @@ -6,9 +6,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -74,9 +74,9 @@ namespace VeraCrypt args.push_back (freePath.str()); args.push_back (filePath); - Process::Execute ("vnconfig", args); + Process::Execute ("/sbin/vnconfig", args); return "/dev/" + freePath.str() + "c"; } @@ -89,9 +89,9 @@ namespace VeraCrypt for (int t = 0; true; t++) { try { - Process::Execute ("vnconfig", args); + Process::Execute ("/sbin/vnconfig", args); break; } catch (ExecutedProcessFailed&) { diff --git a/src/Core/Unix/OpenBSD/CoreOpenBSD.h b/src/Core/Unix/OpenBSD/CoreOpenBSD.h index 3f6c48b5..32129534 100644 --- a/src/Core/Unix/OpenBSD/CoreOpenBSD.h +++ b/src/Core/Unix/OpenBSD/CoreOpenBSD.h @@ -6,9 +6,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/OpenBSD/System.h b/src/Core/Unix/OpenBSD/System.h index 90b24b2a..9c155a40 100644 --- a/src/Core/Unix/OpenBSD/System.h +++ b/src/Core/Unix/OpenBSD/System.h @@ -6,9 +6,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/Solaris/CoreSolaris.cpp b/src/Core/Unix/Solaris/CoreSolaris.cpp index 15a79c49..c436be8f 100644 --- a/src/Core/Unix/Solaris/CoreSolaris.cpp +++ b/src/Core/Unix/Solaris/CoreSolaris.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ @@ -34,9 +34,9 @@ namespace VeraCrypt list <string> args; args.push_back ("-a"); args.push_back (filePath); - return StringConverter::Trim (Process::Execute ("lofiadm", args)); + return StringConverter::Trim (Process::Execute ("/usr/sbin/lofiadm", args)); } void CoreSolaris::DetachLoopDevice (const DevicePath &devicePath) const { @@ -47,9 +47,9 @@ namespace VeraCrypt for (int t = 0; true; t++) { try { - Process::Execute ("lofiadm", args); + Process::Execute ("/usr/sbin/lofiadm", args); break; } catch (ExecutedProcessFailed&) { diff --git a/src/Core/Unix/Solaris/CoreSolaris.h b/src/Core/Unix/Solaris/CoreSolaris.h index d36f03f9..6a55583a 100644 --- a/src/Core/Unix/Solaris/CoreSolaris.h +++ b/src/Core/Unix/Solaris/CoreSolaris.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/Solaris/System.h b/src/Core/Unix/Solaris/System.h index 73513467..7ee71da4 100644 --- a/src/Core/Unix/Solaris/System.h +++ b/src/Core/Unix/Solaris/System.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/Unix/System.h b/src/Core/Unix/System.h index 7225dae2..b6a6f092 100644 --- a/src/Core/Unix/System.h +++ b/src/Core/Unix/System.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/VolumeCreator.cpp b/src/Core/VolumeCreator.cpp index fefbddde..a60b12ba 100644 --- a/src/Core/VolumeCreator.cpp +++ b/src/Core/VolumeCreator.cpp @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ diff --git a/src/Core/VolumeCreator.h b/src/Core/VolumeCreator.h index 781354b9..a25a9667 100644 --- a/src/Core/VolumeCreator.h +++ b/src/Core/VolumeCreator.h @@ -3,9 +3,9 @@ Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed by the TrueCrypt License 3.0. Modifications and additions to the original source code (contained in this file) - and all other portions of this file are Copyright (c) 2013-2017 IDRIX + and all other portions of this file are Copyright (c) 2013-2025 IDRIX and are governed by the Apache License 2.0 the full text of which is contained in the file License.txt included in VeraCrypt binary and source code distribution packages. */ |