Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
What's the status of this bug in jessie/stretch? It has been fixed in wheezy at some point, but is it still relevant for newer releases? Andreas
Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
Tags: patch
Removing --with-fuse=external or replacing it with
--with-fuse=internal in the configuration part of the rules files
solves the problem.
Is there a reason to use the external fuse library instead of the
ntfs-3g internal one ?
--
Christophe Monniez christophe.monn...@fccu.be
--- rules.orig 1970-01-01 01:00:00.0 +0100
+++ rules 2011-08-05 08:41:57.0 +0200
@@ -0,0 +1,97 @@
+#!/usr/bin/make -f
+
+SHELL := sh -e
+
+DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+ CFLAGS += -O0
+else
+ CFLAGS += -O2
+endif
+ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+MAKEFLAGS += -j$(NUMJOBS)
+endif
+
+upstream:
+ lynx -dump http://b.andre.pagesperso-orange.fr/changelog.html debian/local/changelog
+
+%:
+ dh ${@} --with autotools_dev
+
+override_dh_auto_configure:
+ dh_auto_configure -- --host=$(DEB_HOST_GNU_TYPE) \
+--build=$(DEB_BUILD_GNU_TYPE) \
+--prefix=/usr \
+--exec-prefix=/ \
+--mandir=\$${prefix}/share/man \
+--enable-crypto \
+--enable-extras \
+--enable-posix-acls \
+--enable-xattr-mappings \
+--disable-ldconfig \
+--with-fuse=internal \
+CFLAGS=$(CFLAGS) \
+LDFLAGS=-Wl,-z,defs
+
+override_dh_auto_install:
+ dh_auto_install
+
+ # adding initramfs-tools integration
+ install -D -m 0755 debian/local/ntfs-3g.hook debian/ntfs-3g/usr/share/initramfs-tools/hooks/ntfs_3g
+ install -D -m 0755 debian/local/ntfs-3g.local-premount debian/ntfs-3g/usr/share/initramfs-tools/scripts/local-premount/ntfs_3g
+ install -D -m 0755 debian/local/ntfs-3g.local-bottom debian/ntfs-3g/usr/share/initramfs-tools/scripts/local-bottom/ntfs_3g
+
+ # removing unused files
+ rm -f debian/tmp/lib/*.la
+
+ # removing rpath
+ for _PROGRAM in \
+ bin/lowntfs-3g \
+ bin/ntfs-3g \
+ bin/ntfs-3g.probe \
+ bin/ntfs-3g.secaudit \
+ bin/ntfs-3g.usermap \
+ bin/ntfscat \
+ bin/ntfscluster \
+ bin/ntfscmp \
+ bin/ntfsck \
+ bin/ntfsdecrypt \
+ bin/ntfsdump_logfile \
+ bin/ntfsfix \
+ bin/ntfsinfo \
+ bin/ntfsls \
+ bin/ntfsmftalloc \
+ bin/ntfsmove \
+ bin/ntfstruncate \
+ bin/ntfswipe \
+ sbin/mkntfs \
+ sbin/ntfsclone \
+ sbin/ntfscp \
+ sbin/ntfslabel \
+ sbin/ntfsresize \
+ sbin/ntfsundelete; \
+ do \
+ chrpath --delete debian/tmp/$${_PROGRAM}; \
+ done
+
+override_dh_installchangelogs:
+ dh_installchangelogs debian/local/changelog
+
+override_dh_install:
+ dh_install --fail-missing
+
+override_dh_link:
+ rm -rf debian/ntfs-3g-dev/usr/share/doc
+
+ # correcting symlink target
+ dh_link -pntfs-3g-dev lib/$$(basename $$(readlink debian/tmp/usr/lib/libntfs-3g.so)) usr/lib/libntfs-3g.so
+
+ dh_link --remaining-packages
+
+override_dh_strip:
+ dh_strip --dbg-package=ntfs-3g-dbg
Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
tag 631504 - patch thanks On 08/05/2011 09:21 AM, Christophe Monniez wrote: Is there a reason to use the external fuse library instead of the ntfs-3g internal one ? security reasons and no code-duplication. the remaining issues with using the systems fuse should be fixed in the code, the internal one is not an acceptable workaround. -- Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern Email: daniel.baum...@progress-technologies.net Internet: http://people.progress-technologies.net/~daniel.baumann/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#631504: ntfs-3g: unusable for non-root users with or without setuid
Package: ntfs-3g Version: 1:2011.1.15AR.4+2011.4.12-2 Severity: normal Mounting NTFS volumes through gvfs currently fails with an error from ntfs-3g Error mounting: mount exited with exit code 1: helper failed with: Unprivileged user can not mount NTFS block devices using the external FUSE library. Either mount the volume as root, or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://ntfs-3g.org/support.html#unprivileged after reconfiguring it to use setuit root, the error message changes to: Error mounting: mount exited with exit code 1: helper failed with: Mount is denied because setuid and setgid root ntfs-3g is insecure with the external FUSE library. Either remove the setuid/setgid bit from the binary or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at http://ntfs-3g.org/support.html#unprivileged So it is currently unusable either way -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.39-2-686-pae (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages ntfs-3g depends on: ii debconf [deb 1.5.39 Debian configuration management sy ii fuse-utils 2.8.5-3 Filesystem in Userspace (transitio ii libc62.13-7 Embedded GNU C Library: Shared lib ii libfuse2 2.8.5-3 Filesystem in Userspace (library) ii libntfs-3g80 1:2011.1.15AR.4+2011.4.12-2 read-write NTFS driver for FUSE (l ntfs-3g recommends no packages. ntfs-3g suggests no packages. -- debconf information: * ntfs-3g/setuid-root: false -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
