The bestcrypt ebuild does not support non-root usage of the tool. I had to make the /usr/bin/bctool binary suid root as well as create the following file:

===> /etc/udev/rules.d/50-bcrypt.rules <===
KERNEL="bcrypt[0-9]*" NAME="%k", MODE="0666"

Should these instructions go into the ebuild as einfo messages along with the usual "This is considered a security risk on multiuser systems" caveat? I am especially concerned about the udev device permissions issue, because this is not straightforward to figure out.

Reproducible: Always

Steps to Reproduce:
1. emerge bestcrypt
2. bctool mount <encrypted-file> <mount-point>

Actual Results:
$ bctool mount <encrypted-file> <mount-point>
This program must be run as root or have the SUID attribute set
$ sudo chmod +s /usr/bin/bctool
$ bctool mount <encrypted-file> <mount-point>
Can not find free device

Expected Results:
Mounted the encrypted filesystem.

This looks far too dangerous even with warnings. If a user wants to use this they can use sudo. When things like bctool /dev/hda ... can be done as an ordinary user, that is really bad. A strace on bctool should reveal the udev problem quickly enough. If bctool has some built-in limitations as suid this may be acceptable, but as I see it now it really isn't acceptable. No other Gentoo program that I'm aware of allows this much control to a non-root user.