How can user mount an encrypted file container in VeraCrypt?

Solution 1:

Warning: Only use @Pawel Debski solution if agree the following:

  • Any user or hacker getting access to an user account in veracryptusers group can run any commands as root, by downloading a prepared container file containing malicious code running as root.

So using that solution you might consider to use a special user profile for veracrypt. As a result, sodo is easier to use.

Steps to test the security problem:

  1. Create a container file (ext2-4)
  2. Copy or create a binary file (e.g. whoami)
  3. Change binary owner to root
  4. Add setuid to the binary
  5. Call the binary with a non-root-user account

The binary will run with root privilege.

Hint: I added this solution as the warning at Pawel Debski is inconspicuously. The risk is much greater than the benefit as long as the system has an internet connection.