mirror of
https://github.com/veracrypt/VeraCrypt.git
synced 2026-06-17 01:56:10 -05:00
Mounir IDRASSI
6774de941d
VeraCrypt derives the real (non-root) user from SUDO_UID/SUDO_GID to set default mount-point ownership and the FUSE service access filter. On OpenBSD, privileged commands are normally run through doas, which exposes the invoking login name via DOAS_USER and does not set the sudo variables. As a result, VeraCrypt launched through doas attributes both to root instead of the invoking user. When the sudo identity variables are absent, resolve DOAS_USER through the password database and use that uid/gid for default mount-point ownership and the VeraCrypt FUSE service access filter. sudo behavior is unchanged. This is a correctness fix for the doas launch path. It is not confirmed to resolve the non-root ext2fs EACCES reported in the linked issues: that failure occurs at the ext2fs layer reached through vnd, whose backing-image I/O runs as root and is therefore already permitted by the access filter. Refs #1589. Refs #1593.