Volumes mounted by TrueCrypt are visible/accessible to other users

Posted on: Fri, 14 Sep 2012 17:12 By: patrick

On Mac OS X, when I mount a TrueCrypt volume from a file container while logged in as user A, I can then switch to another user B and view the mounted volume's content (e.g. in the Finder, or in a Terminal.app session). I believe this is a bug, as the content of the TrueCrypt volume should remain private. I don't know enough about the underlying issues to lay the blame on any one in particular (Mac OS X, TrueCrypt, FUSE?), but what I definitely can say is that I cannot trust my Mac to be left alone while a TrueCrypt volume is still mounted.

This is what my mounted volumes' mount points look like inside a Terminal.app session. As you can see, the TrueCrypt volume PRIVATE is mounted with permissions that make it wide open for any user to snoop around inside.

nargothrond:~ --> ls -l /Volumes/
total 184
drwxr-xr-x   1 patrick  staff   8192 12 Dez  2010 BOOTCAMP
lrwxr-xr-x   1 root     admin      1 29 Aug 21:17 Macintosh HD -> /
drwxrwxrwx   1 patrick  staff  16384 31 Dez  1979 PRIVATE
[...]

I reported this issue on the TrueCrypt website in September 2009. I never received a reply. Today I double-checked whether the problem is still there with the latest version of TrueCrypt (7.1a): Yes, it is! In case anyone wonders: I am using Mac OS X 10.6.8.

CardDAV integration in Roundcube on Debian

Posted on: Fri, 14 Sep 2012 13:31 By: patrick

After much fiddling around, I finally worked out how to get the CardDAV plugin to work on my Debian box. The main problem was working out where to place the plugin's source code and configuration files, and where to create symlinks so that the Debian-packaged version of Roundcube finds the plugin and picks up its config file. Here is the full account of how to install and configure Roundcube and the CardDAV plugin on a Debian box that tracks the "testing" distribution.

This CD-R will self-destruct in 15 years

Posted on: Sun, 02 Sep 2012 14:46 By: patrick

During the last few months I repeatedly came across CDs in my music collection that were no longer readable. Today I made an effort to go through and check the entire collection. The result: Between 20 and 30 CDs have deteriorated so much that they have become unusable. The CDs in question are all Sunstar CD-R media that I burned 12-15 years ago. Click the "Read more" link to see some images...

Star Trek: Grave Robbers from Outer Space

Posted on: Sun, 26 Aug 2012 17:04 By: patrick

Last week I went to the theatre to see the new Ridley Scott flick Prometheus. On Friday I saw the archive.org version of Plan 9 from Outer Space. Yesterday I watched the 2011 movie Cowboys & Aliens on DVD.

What do these films have in common? It's simple: All of them are of utter trash value! However, when I look at how much I enjoyed watching each of these movies, the fifty+ years old Plan 9 beats the hell out of the other two! Three reasons why, after the break...

dgsmonX 0.2.3 released

Posted on: Sun, 24 Jun 2012 20:45 By: patrick

Version 0.2.3 of dgsmonX fixes a small but ugly bug introduced in 0.2.2: Instead of "no game waiting" dgsmonX would report "Check failed, no error details". Thanks to Hans for reporting this.

dgsmonX 0.2.2 released

Posted on: Sun, 24 Jun 2012 01:55 By: patrick

I just released dgsmonX 0.2.2 (project page). This version should hopefully work again with DGS 1.0.15 (see previous post). If you encounter any issues, please let me know by email.

Please note that to ensure responsible use of DGS resources (as requested in the DGS FAQ), I have implemented a minimum monitoring interval of 5 minutes (or 300 seconds). If you have configured a shorter interval, it will be automatically adjusted when you launch this version of dgsmonX for the first time. The minimum interval only applies to automatic checks; manual checks can still be triggered anytime you wish. Thank you for your understanding.

DGS quick status page accepts user ID and password as arguments

Posted on: Sat, 23 Jun 2012 19:45 By: patrick

The release of the Dragon Go Server software version 1.0.15 thoroughly broke dgsmonX because DGS no longer accepts unauthenticated game checks via quick_status.php. While working on a fix for this I happened to notice that quick_status.php accepts user ID and password as arguments. A corresponding URL looks like this: http://www.dragongoserver.net/quick_status.php?version=2&userid=foo&passwd=secret.
