Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 92823 - Bestcrypt does not set udev permissions for non-root access
Summary: Bestcrypt does not set udev permissions for non-root access
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: x86 Linux
: High minor (vote)
Assignee: Crypto team [DISABLED]
Depends on:
Reported: 2005-05-16 12:04 UTC by Venky TV
Modified: 2005-05-23 05:15 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Venky TV 2005-05-16 12:04:41 UTC
The bestcrypt ebuild does not support non-root usage of the tool. I had to make the /usr/bin/bctool binary suid root as well as create the following file:

===> /etc/udev/rules.d/50-bcrypt.rules <===
KERNEL="bcrypt[0-9]*"   NAME="%k", MODE="0666"

Should these instructions go into the ebuild as einfo messages along with the usual "This is considered a security risk on multiuser systems" caveat?  I am especially concerned about the udev device permissions issue, because this is not straightforward to figure out.

Reproducible: Always
Steps to Reproduce:
1. emerge bestcrypt
2. bctool mount <encrypted-file> <mount-point>

Actual Results:  
$ bctool mount <encrypted-file> <mount-point>
This program must be run as root or have the SUID attribute set
$ sudo chmod +s /usr/bin/bctool
$ bctool mount <encrypted-file> <mount-point>
Can not find free device

Expected Results:  
Mounted the encrypted filesystem.
Comment 1 Daniel Black (RETIRED) gentoo-dev 2005-05-23 05:15:08 UTC
this looks far too dangerous even with warnings. If a user wants to use this  
they can use sudo.  
When things like bctool /dev/hda ... can be done as an ordinary user is really  
A strace on bctool should reveil the udev problem quickly enough.  
If bctool has some built in limitations as suid this may be acceptable but as 
I see it now it really isn't acceptable. No other gentoo program that I'm 
aware of allows this much control to a non-root users.