| Summary: | After upgrade to Mageia8 veracrypt doesn't work with sudo as before | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Uli Selle <uli.effer> |
| Component: | RPM Packages | Assignee: | Nicolas Lécureuil <mageia> |
| Status: | NEW --- | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | fri, johnltw, lewyssmith, ouaurelien |
| Version: | 8 | Keywords: | 8rc1, IN_RELEASENOTES8 |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | veracrypt-1.24u7-7.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
Uli Selle
2021-01-02 09:20:51 CET
I think since veracrypt-1.24u2 one has to use '--use-dummy-sudo-password' when starting veracrypt to use the old behavior with sudo.

https://github.com/veracrypt/VeraCrypt/releases/tag/VeraCrypt_1.24-Update2

"Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password"

Source RPM:
sudo-1.9.4p2-1.mga8.src.rpm =>
veracrypt-1.24u7-3.mga8
Jani Välimaa
2021-01-02 13:14:03 CET
Summary:
After Upgrade from Mageia7 to Mageia8 sudo has no effect as before =>
After upgrade to Mageia8 veracrypt doesn't work with sudo as before
Aurelien Oudelet
2021-01-02 18:45:04 CET
CC:
(none) =>
ouaurelien

Thanks Jani for your quick detective work.

This looks more like for Release Notes than Errata, since the product is behaving as it should. It is not a Mageia bug.

I am unclear whether the 'old' behaviour worked with *no* password for users of the group "crypt"; or whether it required the normal (= user) 'su' password. Are we talking about a password still required, but not the same one?

Would this work in /etc/sudoers?:

%crypt ALL = NOPASSWD:/usr/bin/veracrypt --use-dummy-sudo-password

@Uli: can you try that? It might get bounced as an invalid line. If it does work, then we might adjust the RPM accordingly.

CC:
(none) =>
lewyssmith

Hello,

@Lewis: tried it with:

%crypt ALL = NOPASSWD:/usr/bin/veracrypt --use-dummy-sudo-password

-> now veracrypt requires a password for mounting the encrypted volume - but neither the user password nor the superuser password is accepted! - so vc can't mount the volume

Went back to "%crypt ALL = NOPASSWD:/usr/bin/veracrypt" and started vc in this way: "veracrypt --use-dummy-sudo-password"

Now vc shows the old behaviour:
- it starts, I can choose the encrypted volume (with pw) and it is mounted from vc without requiring any additional password

Seems it's a change in the behaviour of veracrypt...?

Thank you for trying that.

> Seems it's a change in the behaviour of veracrypt...?

Exactly, as Jani identified in comment 1 then 2. To be in Release Notes.

Not sure whether we can close this.

Keywords:
FOR_ERRATA8 =>
FOR_RELEASENOTES8
Aurelien Oudelet
2021-01-28 21:31:28 CET
Whiteboard:
(none) =>
8rc

Not sure what to write. Please describe.
For now I put a link to this bug at https://wiki.mageia.org/en/Mageia_8_Release_Notes#Veracrypt

CC:
(none) =>
fri

VERACRYPT
After upgrade to Mageia8 veracrypt does not work with sudo as before. Since veracrypt-1.24u2 one has to use '--use-dummy-sudo-password' when starting veracrypt to get the old behaviour with sudo.
https://github.com/veracrypt/VeraCrypt/releases/tag/VeraCrypt_1.24-Update2
"Add CLI switch (--use-dummy-sudo-password) to force use of old sudo behavior of sending a dummy password"
See also https://bbs.archlinux.org/viewtopic.php?pid=1906246#p1906246
[and reference this bug 28001]

Thanks. I shortened it a bit as the Release notes page is huge already. Solution stated, and details are in the links for the interested.
https://wiki.mageia.org/en/Mageia_8_Release_Notes#VeraCrypt

Thanks.

In my opinion, an elegant solution (completely hidden from the end user) is to simply change the 'Exec=' line within veracrypt.desktop to:

┌────
│ Exec=/usr/bin/veracrypt --use-dummy-sudo-password
└────

This works perfectly for me when starting veracrypt via KRunner. Of course users running from the command line will still need to be (made) aware of the new switch...

CC:
(none) =>
johnltw

From comment 1:
> use '--use-dummy-sudo-password' when starting veracrypt to use the
> old behavior with sudo.

Agreeing to some extent with the previous comment (nicely presented), the problem with building this in is that it provides the *old* behaviour of veracrypt, a deviation from standard veracrypt usage as it is now.
This is a dicey thing to do: we might be pressed to hide (where possible) all software evolutions yielding a behavioural change. And, of course, new users would then find it not conforming with the current 'book'.
Users must ultimately live with such changes. Progress - as often bad as good.

Well expressed, Lewis :)

(In reply to Lewis Smith from comment #11)
> From comment 1:
> > use '--use-dummy-sudo-password' when starting veracrypt to use the
> > old behavior with sudo.
> Agreeing to some extent with the previous comment (nicely presented), the
> problem with building this in is that it provides the *old* behaviour of
> veracrypt, a deviation from standard veracrypt usage as it is now.
> This is a dicey thing to do: we might be pressed to hide (where possible)
> all software evolutions yielding a behavioural change. And, of course, new
> users would then find it not conforming with the current 'book'.
> Users must ultimately live with such changes. Progress - as often bad as
> good.

So closing WONTFIX?

Assigning to package maintainer who can say this.

Source RPM:
veracrypt-1.24u7-3.mga8 =>
veracrypt-1.24u7-7.mga8.src.rpm
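
The launcher change suggested in the thread, done as a per-user override so that the packaged file and its default behaviour stay untouched. This is an added example, not part of the bug report or the Mageia package; the path /usr/share/applications/veracrypt.desktop and the function names patch_exec and install_override are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread or from the veracrypt package.
# Assumption: the packaged launcher is /usr/share/applications/veracrypt.desktop
# (check with: rpm -ql veracrypt | grep '\.desktop$').
FLAG='--use-dummy-sudo-password'

# patch_exec SRC DST   (SRC and DST must be different files)
#   Copy desktop entry SRC to DST, inserting $FLAG right after the program
#   name on every Exec= line that does not already carry it. Field codes
#   such as %f keep their position, and a second run changes nothing.
#   Assumes the program path on the Exec= line contains no spaces.
patch_exec() {
    sed -e '/^Exec=/{' \
        -e "/ $FLAG/!s|^\\(Exec=[^ ]*\\)|\\1 $FLAG|" \
        -e '}' "$1" > "$2"
}

# install_override [SRC]
#   Write the patched copy into the per-user applications directory. An
#   entry there takes precedence over the system-wide file of the same
#   name, so only this user's menu and KRunner launches get the old sudo
#   behaviour; a package update does not overwrite it.
install_override() {
    src=${1:-/usr/share/applications/veracrypt.desktop}
    dst_dir=${XDG_DATA_HOME:-$HOME/.local/share}/applications
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$dst_dir" || return 1
    patch_exec "$src" "$dst_dir/$(basename "$src")"
}

# Usage (run as the desktop user, not as root):
#   install_override
```

Removing the file from the per-user applications directory restores the packaged launcher; command-line starts are unaffected either way.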