Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
What's the status of this bug in jessie/stretch? It has been fixed in wheezy at some point, but is it still relevant for newer releases? Andreas
Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
Tags: patch Removing --with-fuse=external or replacing it with --with-fuse=internal in the configuration part of the rules files solves the problem. Is there a reason to use the external fuse library instead of the ntfs-3g internal one ? -- Christophe Monniez christophe.monn...@fccu.be --- rules.orig 1970-01-01 01:00:00.0 +0100 +++ rules 2011-08-05 08:41:57.0 +0200 @@ -0,0 +1,97 @@ +#!/usr/bin/make -f + +SHELL := sh -e + +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) +MAKEFLAGS += -j$(NUMJOBS) +endif + +upstream: + lynx -dump http://b.andre.pagesperso-orange.fr/changelog.html debian/local/changelog + +%: + dh ${@} --with autotools_dev + +override_dh_auto_configure: + dh_auto_configure -- --host=$(DEB_HOST_GNU_TYPE) \ +--build=$(DEB_BUILD_GNU_TYPE) \ +--prefix=/usr \ +--exec-prefix=/ \ +--mandir=\$${prefix}/share/man \ +--enable-crypto \ +--enable-extras \ +--enable-posix-acls \ +--enable-xattr-mappings \ +--disable-ldconfig \ +--with-fuse=internal \ +CFLAGS=$(CFLAGS) \ +LDFLAGS=-Wl,-z,defs + +override_dh_auto_install: + dh_auto_install + + # adding initramfs-tools integration + install -D -m 0755 debian/local/ntfs-3g.hook debian/ntfs-3g/usr/share/initramfs-tools/hooks/ntfs_3g + install -D -m 0755 debian/local/ntfs-3g.local-premount debian/ntfs-3g/usr/share/initramfs-tools/scripts/local-premount/ntfs_3g + install -D -m 0755 debian/local/ntfs-3g.local-bottom debian/ntfs-3g/usr/share/initramfs-tools/scripts/local-bottom/ntfs_3g + + # removing unused files + rm -f debian/tmp/lib/*.la + + # removing rpath + for _PROGRAM in \ + bin/lowntfs-3g \ + bin/ntfs-3g \ + bin/ntfs-3g.probe \ + bin/ntfs-3g.secaudit \ + bin/ntfs-3g.usermap \ + bin/ntfscat \ + bin/ntfscluster \ + bin/ntfscmp \ + bin/ntfsck \ + bin/ntfsdecrypt \ + bin/ntfsdump_logfile \ + bin/ntfsfix \ + bin/ntfsinfo \ + bin/ntfsls \ + bin/ntfsmftalloc \ + bin/ntfsmove \ + bin/ntfstruncate \ + bin/ntfswipe \ + sbin/mkntfs \ + sbin/ntfsclone \ + sbin/ntfscp \ + sbin/ntfslabel \ + sbin/ntfsresize \ + sbin/ntfsundelete; \ + do \ + chrpath --delete debian/tmp/$${_PROGRAM}; \ + done + +override_dh_installchangelogs: + dh_installchangelogs debian/local/changelog + +override_dh_install: + dh_install --fail-missing + +override_dh_link: + rm -rf debian/ntfs-3g-dev/usr/share/doc + + # correcting symlink target + dh_link -pntfs-3g-dev lib/$$(basename $$(readlink debian/tmp/usr/lib/libntfs-3g.so)) usr/lib/libntfs-3g.so + + dh_link --remaining-packages + +override_dh_strip: + dh_strip --dbg-package=ntfs-3g-dbg
Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
tag 631504 - patch thanks On 08/05/2011 09:21 AM, Christophe Monniez wrote: Is there a reason to use the external fuse library instead of the ntfs-3g internal one ? security reasons and no code-duplication. the remaining issues with using the systems fuse should be fixed in the code, the internal one is not an acceptable workaround. -- Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern Email: daniel.baum...@progress-technologies.net Internet: http://people.progress-technologies.net/~daniel.baumann/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
Package: ntfs-3g Version: 1:2011.1.15AR.4+2011.4.12-2 Severity: normal Mounting NTFS volumes through gvfs currently fails with an error from ntfs-3g Error mounting: mount exited with exit code 1: helper failed with: Unprivileged user can not mount NTFS block devices using the external FUSE library. Either mount the volume as root, or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://ntfs-3g.org/support.html#unprivileged after reconfiguring it to use setuit root, the error message changes to: Error mounting: mount exited with exit code 1: helper failed with: Mount is denied because setuid and setgid root ntfs-3g is insecure with the external FUSE library. Either remove the setuid/setgid bit from the binary or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://ntfs-3g.org/support.html#unprivileged So it is currently unusable either way -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.39-2-686-pae (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ntfs-3g depends on: ii debconf [deb 1.5.39 Debian configuration management sy ii fuse-utils 2.8.5-3 Filesystem in Userspace (transitio ii libc62.13-7 Embedded GNU C Library: Shared lib ii libfuse2 2.8.5-3 Filesystem in Userspace (library) ii libntfs-3g80 1:2011.1.15AR.4+2011.4.12-2 read-write NTFS driver for FUSE (l ntfs-3g recommends no packages. ntfs-3g suggests no packages. -- debconf information: * ntfs-3g/setuid-root: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org