Volumes mounted by TrueCrypt are visible/accessible to other users
On Mac OS X, when I mount a TrueCrypt volume from a file container while logged in as user A, I can then switch to another user B and view the mounted volume's content (e.g. in the Finder, or in a Terminal.app session). I believe this is a bug, as the content of the TrueCrypt volume should remain private. I don't know enough about the underlying issues to lay the blame on any one in particular (Mac OS X, TrueCrypt, FUSE?), but what I definitely can say is that I cannot trust my Mac to be left alone while a TrueCrypt volume is still mounted.
This is what my mounted volumes' mount points look like inside a Terminal.app session. As you can see, the mount point of the TrueCrypt volume PRIVATE has permissions (drwxrwxrwx) that leave it wide open for any user to snoop around inside.
    nargothrond:~ --> ls -l /Volumes/
    total 184
    drwxr-xr-x  1 patrick  staff   8192 12 Dez  2010 BOOTCAMP
    lrwxr-xr-x  1 root     admin      1 29 Aug 21:17 Macintosh HD -> /
    drwxrwxrwx  1 patrick  staff  16384 31 Dez  1979 PRIVATE
    [...]
I have reported this issue on the TrueCrypt website in September 2009. I never received a reply. Today I double-checked whether the problem is still there with the latest version of TrueCrypt (7.1a): Yes, it is! In case anyone wonders: I am using Mac OS X 10.6.8.
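The listing above shows the PRIVATE mount point with mode drwxrwxrwx. As an added example, not part of the original post and not TrueCrypt's own code, the following POSIX shell script for Terminal.app lists mount points under /Volumes whose mode grants any access to "other" users, and can restrict one to its owner; the VOLUMES_DIR variable, the function names and the 0700 target mode are my assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find mount points whose mode lets
# "other" users in, as the drwxrwxrwx PRIVATE entry above does, and lock one down.
# VOLUMES_DIR, the function names and the 0700 target are assumptions.

VOLUMES_DIR="${VOLUMES_DIR:-/Volumes}"

# Print the 10-character mode string of a path (e.g. drwxrwxrwx).
# Parses ls -ld so it behaves the same on Mac OS X and Linux.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Succeed (exit 0) when the "other" triple grants read, write or search access.
is_world_accessible() {
    case "$(mode_of "$1")" in
        ???????---) return 1 ;;   # others have no access at all
        *)          return 0 ;;
    esac
}

# Print every real directory directly under $1 that is world-accessible.
find_exposed() {
    for mp in "$1"/*; do
        [ -L "$mp" ] && continue      # skip symlinks such as "Macintosh HD -> /"
        [ -d "$mp" ] || continue
        if is_world_accessible "$mp"; then
            printf '%s\n' "$mp"
        fi
    done
}

# Restrict a mount point to its owner; fails if the filesystem rejects chmod.
lock_down() {
    chmod 0700 "$1" && ! is_world_accessible "$1"
}

# When run directly, report exposed mount points under /Volumes.
find_exposed "$VOLUMES_DIR"
```

If the mounted filesystem does not honour chmod, lock_down reports failure, and unmounting the volume before leaving the Mac, as the post concludes, remains the fallback.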
Comments
Yodar
2012-10-29T21:15:14+01:00
Yep...
Same issue here... Maybe we should play with some scripts to automate the mounting and setting of permissions.
todd
2013-10-01T03:26:11+02:00
+1
I was just testing this and noticed the same thing. I'm running 10.7.5 with TrueCrypt 7.1a. I definitely cannot leave a TrueCrypt volume mounted unattended.
How did you name your volume Private? Every TC volume I mount gets named NO NAME, even when I hit the options and try to select the mount point.
patrick
2014-01-10T16:21:14+01:00
Volume name
Todd,
Sorry for the late reply. I see what you mean: I just tried to create a new container with TrueCrypt 7.1a, and when mounted, the volume inside is indeed named NO NAME. I don't recall that I ever did something special about the volume name PRIVATE - it simply reflects the name of the container file. I must assume that an earlier version of TrueCrypt (which I used to create the container) decided to take the volume name from the container file name.