Computer Security

Volumes mounted by TrueCrypt are visible/accessible to other users

Posted on: Fri, 14 Sep 2012 17:12 By: patrick

On Mac OS X, when I mount a TrueCrypt volume from a file container while logged in as user A, I can then switch to another user B and view the mounted volume's content (e.g. in the Finder, or in a session). I believe this is a bug, as the content of the TrueCrypt volume should remain private. I don't know enough about the underlying issues to lay the blame on any one in particular (Mac OS X, TrueCrypt, FUSE?), but what I definitely can say is that I cannot trust my Mac to be left alone while a TrueCrypt volume is still mounted.

This is how my mounted volumes' mount points look like inside a session. As you can see, the TrueCrypt volume PRIVATE is mounted with permissions that make it wide open for any user to snoop around inside.

nargothrond:~ --> ls -l /Volumes/
total 184
drwxr-xr-x   1 patrick  staff   8192 12 Dez  2010 BOOTCAMP
lrwxr-xr-x   1 root     admin      1 29 Aug 21:17 Macintosh HD -> /
drwxrwxrwx   1 patrick  staff  16384 31 Dez  1979 PRIVATE

I have reported this issue on the TrueCrypt website in September 2009. I never received a reply. Today I double-checked whether the problem is still there with the latest version of TrueCrypt (7.1a): Yes, it is! In case anyone wonders: I am using Mac OS X 10.6.8.

Subscribe to Computer Security