

I Need Some Help: Workaround Stopping Truecrypt From Leaking - tverr_bjelke

Some days ago I posted here my blog article http://querbalken.net/workaround-truecrypt-leaking-containers-security-issue-en.html and the goal, an open source-project to work around: https://github.com/tverrbjelke/truecrypt_wrapper

Installing truecrypt via download package just results in a leaking mess: All your recently used containerfiles will be leaked into file ~/.local/share/recently-used.xbel

Started to create a practicable workaround mini open source project: wrapper and documentation that guides through the issue.

My last post here got me some good replies. Summarizing one: "truecrypt binary has no s-bit set, so set the bookmarking-file to readonly and you be done."

Did that. But that won't help! (see session below)

Maybe I have major blind spots (hope so, then we could close the issue and live on - so please find my mistakes). If not, then we indeed have a leaking mess that needs workaround.

So please help me here:

Can you try below session on different platforms with different desktop environments (truecrypt as I know links to GTK)

I have tried this on my up to date KUbuntu12.04LTS (with KDE) and the downloaded truecrypt-installer. Same shit happens with different versions of truecrypt, doesn't seem to matter. Because the open-file dialog does the leaking and that is desktop stuff.

Next thing I would like to do is set up a clean virtual machine with e.g. opensuse (which also aims average joe). But right now I caught a flu and should treat my fever and recover a bit...

So is there something I am overlooking?

Please can you support me and try this on different platforms / Desktop environments? Maybe you reply here or as issue into my github project or as comment in my blog...? And maybe you also have some hints where to go then...

1) workaround, well placed to be found by solution seeking average joe

2) fix of leaking truecrypt

here comes the session:
======
tverr_bjelke
Session

> ls -l $(which truecrypt)

-rwxr-xr-x 1 root root Dez 14 10:17 /usr/bin/truecrypt

So no S-bits, normal average-joe installation via download from truecrypt.org

try as normal user

> cd ~/.local/share

> rm recently-used.xbel

> touch recently-used.xbel

> chmod a-rwx recently-used.xbel

> ls -l recently-used.xbel

---------- 1 tverrbjelke tverrbjelke 0 Dez 14 12:17 recently-used.xbel

> truecrypt

-> select file -> ok -> select -> is there something in recently used?

YES! WTF?

> ls -l recently-used.xbel

-rw------- 1 tverrbjelke tverrbjelke 733 Dez 14 12:20 recently-used.xbel

So try2 - chown to root:

> rm recently-used.xbel

> touch recently-used.xbel

> chmod a-rwx recently-used.xbel

> sudo chown root:root recently-used.xbel

> ls -l recently-used.xbel

---------- 1 root root 0 Dez 14 12:22 recently-used.xbel

> truecrypt

-> select file -> ok -> select -> is there something in recently used?

YES! WTF?

on the console I see the following message: "(truecrypt:29437): Gtk-WARNING
__: Attempting to read the recently used resources file at `
/home/tverrbjelke/.local/share/recently-used.xbel', but the parser failed:
Failed to open file '/home/tverrbjelke/.local/share/recently-used.xbel': No
Permission."

> tverrbjelke@espen:~/.local/share$ ls -l recently-used.xbel

-rw------- 1 tverrbjelke tverrbjelke 726 Dez 14 12:29 recently-used.xbel

So that's the mess I meant with my blog article. And why I wrote the workaround
truecrypt_wrapper script...

------
slashdotaccount
Switch to root, then do this:

# cat /dev/null >recently-used.xbel

# chattr +i recently-used.xbel

~~~
tverr_bjelke
Thank you... but did you try that in practice? For my system it still
continues to leak into a newly created writable version of that file!

Calling truecrypt results in this:

(truecrypt:29720): Gtk-WARNING __: Attempting to store changes into `
/home/tverrbjelke/.local/share/recently-used.xbel', but failed: Failed to
rename file '/home/tverrbjelke/.local/share/recently-used.xbel.I2I27W' to
'/home/tverrbjelke/.local/share/recently-used.xbel': g_rename() failed: The
operation is not permitted

(truecrypt:29720): Gtk-WARNING __: Attempting to set the permissions of `
/home/tverrbjelke/.local/share/recently-used.xbel', but failed: The operation
is not permitted

(truecrypt:29720): Gtk-WARNING __: Attempting to store changes into `
/home/tverrbjelke/.local/share/recently-used.xbel', but failed: Failed to
rename file '/home/tverrbjelke/.local/share/recently-used.xbel.QVH27W' to
'/home/tverrbjelke/.local/share/recently-used.xbel': g_rename() failed: The
operation is not permitted

(truecrypt:29720): Gtk-WARNING __: Attempting to set the permissions of `
/home/tverrbjelke/.local/share/recently-used.xbel', but failed: The operation
is not permitted

tverrbjelke@espen:~/.local/share$ ls -l recently-used.xbel

-rw------- 1 tverrbjelke tverrbjelke 0 Dez 14 14:38 recently-used.xbel

please more help!!!

~~~
slashdotaccount
> but did you try that in practice?

Not with TrueCrypt. You can just ignore the warnings (if it doesn't cause a
crash). "chattr +i" makes a file really read-only (you can undo it with
"chattr -i"). GTK library wants to write recently accessed files there, and
fails, emits the warnings. It's safe to ignore them.

~~~
tverr_bjelke
OK I did that and the result was the above output.

And then still in same truecrypt session I saw my recently used file - while
the bookmarking file still was empty.

So after closing truecrypt and reopening, the recently used files list was
empty. So that seems to work. thx

Question for me is, how the hell can a normal process trigger a root-owned
read-only file to become overwritten and chowned to a normal user? What is GTK
magic doing there?? I don't understand the above session! Maybe someone can
explain that to me?
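
Added example (not written by any poster in this thread, and not TrueCrypt or GTK code): the Gtk warnings quoted above show a temp file being renamed over `recently-used.xbel`, and this sketch reproduces that update pattern in a throwaway directory to show why `chmod`/`chown` on the file alone does not stop the replacement. The temp-file name and the `leaked-entry` content are constructed.

```shell
#!/bin/sh
# Constructed demo; works in a throwaway temp directory, never in ~/.local/share.

# Mimic the update pattern visible in the Gtk warnings above: write a temp
# file beside recently-used.xbel, then rename() it over the target.
# Prints: "<inode-before> <inode-after> <mode-after> <content-after>"
replace_by_rename() {
    dir=$1
    target="$dir/recently-used.xbel"
    : > "$target"
    chmod a-rwx "$target"                  # same lock-down as in the session
    before=$(ls -i "$target" | awk '{print $1}')
    tmp="$dir/recently-used.xbel.TMP123"   # constructed temp-file name
    ( umask 077; printf 'leaked-entry\n' > "$tmp" )
    # rename(2) checks write permission on the directory, not on the file
    # being replaced, so a mode-000 or root-owned file inside a directory
    # the user owns is still swapped for the user's new file.
    mv -f "$tmp" "$target"
    after=$(ls -i "$target" | awk '{print $1}')
    mode=$(ls -l "$target" | awk '{print $1}')
    echo "$before $after $mode $(cat "$target")"
}

demo_dir=$(mktemp -d)
result=$(replace_by_rename "$demo_dir")
echo "$result"
rm -rf "$demo_dir"
```

The inode changes because the old file is never written to; it is replaced by a new one that carries the user's ownership and mode. The immutable flag set with `chattr +i` also forbids renaming over or deleting the file, which matches the `g_rename() failed` warnings after that step.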

