Commit Graph

8 Commits

Author SHA1 Message Date
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 6bef9e009c Linux: refine in-kernel NTFS driver selection
Keep the NTFS kernel-driver option as a generic in-kernel NTFS path rather than an ntfs3-specific path. Add --filesystem=kernel-ntfs and -m kernelntfs routes that select a registered or loadable kernel NTFS driver and mount with -i so mount.ntfs/ntfs-3g helpers are not invoked.

Preserve --filesystem=ntfs3 as a literal pin to the ntfs3 driver. Treat both ntfs3 and kernel-ntfs as mount-only selectors; volume creation continues to use filesystem type NTFS.

The preference and -m kernelntfs path only select an in-kernel NTFS driver when no explicit filesystem type was supplied and blkid detects NTFS.

Treat ntfs as the preferred in-kernel driver on Linux 7.1 and later, where the upstream read/write driver is expected. On earlier kernels, select ntfs only when module metadata identifies the standalone read/write driver and /sys/module confirms it loaded, avoiding ntfs3 read-only ntfs compatibility registrations. Fall back to ntfs3 otherwise, and report a generic kernel-driver error if neither supported driver is available or loadable.

Rename the internal preference/config field to MountNtfsWithKernelDriver, migrate the old MountNtfsWithNtfs3 preference key, and update UI strings, CLI help, documentation, release notes, and translation placeholders accordingly.

Reference: https://github.com/veracrypt/VeraCrypt/issues/1735
2026-05-18 22:19:23 +09:00
Mounir IDRASSI b673901503 Move copyright and links to "AM Crypo", amcrypto.jp and veracrypt.jp 2025-05-11 16:02:20 +09:00
Mounir IDRASSI 2cca2e1daf Linux/FreeBSD: Add absolute paths for system binaries to prevent path hijacking (CVE-2024-54187, collaboration with SivertPL @__tfr)
This commit fixes a critical security vulnerability where VeraCrypt could be tricked into executing malicious binaries with elevated privileges. The vulnerability has two severe implications:

1. When sudo's secure_path option is disabled, attackers could execute malicious binaries with root privileges by placing them in user-writable PATH directories (e.g., making "sudo mount" execute a malicious mount binary)

2. By placing a malicious sudo binary in PATH, attackers could intercept and steal the user's password when VeraCrypt prompts for sudo authentication

The vulnerability allowed attackers to place malicious binaries in user-writable directories that appear in PATH before system directories, potentially leading to privilege escalation and credential theft.

Key changes:
- Implement FindSystemBinary() to locate executables in secure system paths
- Replace all relative binary paths with absolute paths for system commands
- Add security checks for executable permissions
- Update process execution to use absolute paths for:
  * sudo
  * mount
  * fsck
  * terminal emulators
  * file managers
  * system utilities (hdiutil, mdconfig, vnconfig, lofiadm)

The fix ensures all system binaries are called using their absolute paths from secure system directories, preventing both privilege escalation through PATH manipulation and password theft through sudo hijacking.

Security: CVE-2024-54187
2025-01-14 14:59:40 +01:00
Mounir IDRASSI 1b35abb191 Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers. 2025-01-14 12:26:28 +01:00
ZhanYF b6513d82f8 OpenBSD vnconfig no longer needs -c option (#1002)
Co-authored-by: Your Name <you@example.com>
2023-05-19 00:29:59 +02:00
a1346054 32052f214b Minor cleanup of the repo (#822)
* *: source files should not be executable

* *: make sure files have final newline

* *: remove BOM from text files

* translations: unify headers

* *: fix typos

* *: trim excess whitespace
2021-09-04 21:59:25 +02:00
kokokodak c8830a04b4 Add support for OpenBSD (#779)
* OpenBSD: add basic support

	modified:   Build/Include/Makefile.inc
	modified:   Driver/Fuse/FuseService.cpp
	modified:   Main/FatalErrorHandler.cpp
	modified:   Makefile
	modified:   Platform/Unix/File.cpp
	modified:   Platform/Unix/FilesystemPath.cpp
	modified:   Platform/Unix/SystemInfo.cpp

* OpenBSD: some necessary files were missing

	new file:   Core/Unix/OpenBSD/CoreOpenBSD.cpp
	new file:   Core/Unix/OpenBSD/CoreOpenBSD.h
	new file:   Core/Unix/OpenBSD/System.h
2021-07-14 13:43:34 +02:00