VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Platform/Unix/Process.cpp
AgeCommit message (Collapse)AuthorFilesLines
11 daysMacOSX: Fix erroneous preprocessor directiveMounir IDRASSI1-2/+2
2025-01-14Linux/FreeBSD: Add absolute paths for system binaries to prevent path ↵Mounir IDRASSI1-1/+62
hijacking (CVE-2024-54187, collaboration with SivertPL @__tfr) This commit fixes a critical security vulnerability where VeraCrypt could be tricked into executing malicious binaries with elevated privileges. The vulnerability has two severe implications: 1. When sudo's secure_path option is disabled, attackers could execute malicious binaries with root privileges by placing them in user-writable PATH directories (e.g., making "sudo mount" execute a malicious mount binary) 2. By placing a malicious sudo binary in PATH, attackers could intercept and steal the user's password when VeraCrypt prompts for sudo authentication The vulnerability allowed attackers to place malicious binaries in user-writable directories that appear in PATH before system directories, potentially leading to privilege escalation and credential theft. Key changes: - Implement FindSystemBinary() to locate executables in secure system paths - Replace all relative binary paths with absolute paths for system commands - Add security checks for executable permissions - Update process execution to use absolute paths for: * sudo * mount * fsck * terminal emulators * file managers * system utilities (hdiutil, mdconfig, vnconfig, lofiadm) The fix ensures all system binaries are called using their absolute paths from secure system directories, preventing both privilege escalation through PATH manipulation and password theft through sudo hijacking. Security: CVE-2024-54187
2025-01-14Increment version to 1.26.18. Update copyright date. Update Release Notes. ↵Mounir IDRASSI1-1/+1
Update Windows drivers.
2024-06-12Avoid conflict with C++17 features std::byte by using uint8 type instead of byteMounir IDRASSI1-1/+1
2022-02-18Linux: Fix code dump when built with -D_GLIBCXX_ASSERTIONS caused by an ↵Mounir IDRASSI1-1/+0
assert in libstdc++. The variable has enough capacity so pointer &buffer[0] is valid but since clear method was called, we are not supposed to access element at index 0. Related to Github issue #896
2020-06-11Switch from auto_ptr to unique_ptr (#638)Christopher Bergqvist1-1/+1
2019-11-12Fix off by one overflow with 31 args (#541)Hanno Böck1-1/+1
2019-06-06Some cleanup related to "Invalid characters..." on mount issue. (#453)Alexander Karzhenkov1-23/+3
* Revert previous commit * Fix "Invalid characters..." issue by not using "foreach" macro The "foreach" macro creates a copy of the container. This copy is destroyed immediately after the iteration is completed. C-strings pointers passed to the local array were invalidated with destroying of "std::string"s contained in the copy.
2017-06-23Update IDRIX copyright yearMounir IDRASSI1-1/+1
2016-05-10Remove trailing whitespaceDavid Foerster1-9/+9
2016-03-18Linux: Completely fix gcc-5 "Invalid characters encountered" issue on mount. ↵Mounir IDRASSI1-2/+22
It was caused by an issue of gcc-5 STL implementation that is causing char* pointers retrieved from std::string using c_str method to become invalid in the child of a child process (after two fork calls). The workaround is to first copy the std:string values in the child before calling the second fork.
2016-01-20Copyright: update dates to include 2016.Mounir IDRASSI1-1/+1
2015-08-06Update license information to reflect the use of a dual license Apache 2.0 ↵Mounir IDRASSI1-5/+9
and TrueCrypt 3.0.
2014-11-08Change namespace from TrueCrypt to VeraCrypt. Rename method from Resources ↵Mounir IDRASSI1-1/+1
Resources::GetTrueCryptIcon to Resources::GetVeraCryptIcon.
2014-11-08Add TrueCrypt 7.1a MacOSX/Linux specific source files.Mounir IDRASSI1-0/+202