VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Core/Unix/MacOSX
AgeCommit message (Collapse)AuthorFilesLines
30 hoursmacOS: Fix regression in dismount caused by wrong umount path (#1467)Mounir IDRASSI1-1/+1
9 daysLinux/FreeBSD: Add absolute paths for system binaries to prevent path ↵Mounir IDRASSI1-5/+5
hijacking (CVE-2024-54187, collaboration with SivertPL @__tfr) This commit fixes a critical security vulnerability where VeraCrypt could be tricked into executing malicious binaries with elevated privileges. The vulnerability has two severe implications: 1. When sudo's secure_path option is disabled, attackers could execute malicious binaries with root privileges by placing them in user-writable PATH directories (e.g., making "sudo mount" execute a malicious mount binary) 2. By placing a malicious sudo binary in PATH, attackers could intercept and steal the user's password when VeraCrypt prompts for sudo authentication The vulnerability allowed attackers to place malicious binaries in user-writable directories that appear in PATH before system directories, potentially leading to privilege escalation and credential theft. Key changes: - Implement FindSystemBinary() to locate executables in secure system paths - Replace all relative binary paths with absolute paths for system commands - Add security checks for executable permissions - Update process execution to use absolute paths for: * sudo * mount * fsck * terminal emulators * file managers * system utilities (hdiutil, mdconfig, vnconfig, lofiadm) The fix ensures all system binaries are called using their absolute paths from secure system directories, preventing both privilege escalation through PATH manipulation and password theft through sudo hijacking. Security: CVE-2024-54187
9 daysIncrement version to 1.26.18. Update copyright date. Update Release Notes. ↵Mounir IDRASSI3-3/+3
Update Windows drivers.
2024-06-22MacOSX: Add for using FUSE-T instead of MacFUSEMounir IDRASSI1-1/+2
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support. It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support. A change was done in CoreUnix::GetMountedVolumes to add a waiting loop for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
2023-12-11macOS: Use correct Disk Utility location when "check filesystem" is ran (#1273)Jertzukka1-1/+7
2020-11-28Fixed macFUSE support for macOS 11 (Big Sur) (#699)Thierry Lelegard1-2/+6
2020-06-11Switch from auto_ptr to unique_ptr (#638)Christopher Bergqvist1-2/+2
2017-06-23Update IDRIX copyright yearMounir IDRASSI3-3/+3
2016-10-17MacOSX: remove unused variableMounir IDRASSI1-1/+0
2016-10-17MacOSX: remove MacFUSE dependency and link against OSXFuse library. Now, ↵Mounir IDRASSI1-22/+10
only standard OSXFuse install is needed without MacFUSE compatibility option.
2016-05-10Remove trailing whitespaceDavid Foerster3-7/+7
2016-05-01Reset bogus executable permissionsDavid Foerster1-0/+0
2016-02-21MacOSX: Correctly detect newer versions of OSXFuseMounir IDRASSI1-10/+12
2016-01-20Copyright: update dates to include 2016.Mounir IDRASSI3-3/+3
2015-08-06Update license information to reflect the use of a dual license Apache 2.0 ↵Mounir IDRASSI3-14/+26
and TrueCrypt 3.0.
2014-11-08MacOSX : Support detection of OSXFUSE and the presence of MacFUSE ↵Mounir IDRASSI1-3/+29
compatibility layer.
2014-11-08Change namespace from TrueCrypt to VeraCrypt. Rename method from Resources ↵Mounir IDRASSI2-2/+2
Resources::GetTrueCryptIcon to Resources::GetVeraCryptIcon.
2014-11-08Replace TrueCrypt references in added sources and resources by VeraCrypt ones.Mounir IDRASSI1-1/+1
2014-11-08Add TrueCrypt 7.1a MacOSX/Linux specific source files.Mounir IDRASSI3-0/+263