Recently, I was going through the following TrueCrypt page:
What is interesting to note is the recommendation to add ‘truecrypt group’ in the sudo commands. As TrueCrypt needs to be run as root, I assume that people will be making this binary setuid root too.
To me this does not look very secure. Unlike an NFS share, which is by default mounted with root squashing enabled, TrueCrypt volumes do not have any such thing. Thus, if a box has the TrueCrypt binary set as suid, one just needs to transfer an encrypted volume (containing a suid bash file) onto this box, mount this volume and just execute this suid binary. This should give him a root shell.
Thus it is important that TrueCrypt should not be run as suid. This may be already known to some, but hey, I found it interesting. 🙂
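A quick way to check a box for the condition described above, as an added example that is not part of the original post: it reports whether the TrueCrypt binary is setuid root and which TrueCrypt mounts lack `nosuid` (the mount option that makes the kernel ignore suid bits on that filesystem). The binary path `/usr/bin/truecrypt`, the `/dev/mapper/truecrypt` device prefix and the sample mount lines are assumptions constructed for illustration.

```python
import os
import stat

# Constructed sample in /proc/mounts format: device, mount point, fs type, options.
# Assumption: TrueCrypt volumes show up as /dev/mapper/truecryptN devices.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/truecrypt1 /media/truecrypt1 ext3 rw,relatime 0 0
/dev/mapper/truecrypt2 /media/truecrypt2 ext3 rw,nosuid,relatime 0 0
"""

def mounts_honouring_suid(mounts_text, device_prefix="/dev/mapper/truecrypt"):
    """Return (device, mount point) for matching mounts that lack the nosuid option."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith(device_prefix):
            continue
        device, mount_point, _fstype, options = fields[:4]
        if "nosuid" not in options.split(","):
            findings.append((device, mount_point))
    return findings

def is_setuid_root(mode, uid):
    """True when st_mode/st_uid describe a root-owned, executable, setuid file."""
    executable = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    return uid == 0 and bool(mode & stat.S_ISUID) and bool(executable)

def audit(binary_path="/usr/bin/truecrypt", mounts_path="/proc/mounts"):
    """Check the live host; both default paths are assumptions, adjust as needed."""
    report = {"binary_setuid_root": None, "suid_honouring_mounts": []}
    try:
        st = os.stat(binary_path)
        report["binary_setuid_root"] = is_setuid_root(st.st_mode, st.st_uid)
    except OSError:
        pass  # binary not installed at that path
    try:
        with open(mounts_path) as fh:
            report["suid_honouring_mounts"] = mounts_honouring_suid(fh.read())
    except OSError:
        pass  # no /proc/mounts on this platform
    return report

if __name__ == "__main__":
    print("sample:", mounts_honouring_suid(SAMPLE_MOUNTS))
    print("host:  ", audit())
```

A host where `binary_setuid_root` is true and `suid_honouring_mounts` is non-empty matches the situation the post warns about.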