On Sat, May 16, 2009 at 03:47:03PM +0200, Javier Fernández-Sanguino Peña wrote:
> 
> tags 445418 patch 
> thanks
> 
> I have written a patch (heavily based on netselect's code) to fix this bug by
> having the package ask the administrator if he wants ntfs-3g to be setuid.
(...)

It seems there is no willingness to add this patch to the package.

Users reading this bug report might want to do this to get their permissions
set up right for local users (but please note the security issues). Run (as
root):

dpkg-statoverride --update --add root fuse 4750 /usr/bin/ntfs-3g

This will set up the /usr/bin/ntfs-3g binary with somewhat restricted
permissions: only users from the fuse group will be able to execute it and
the binary will be set up setuid.

In the case of a security issue in the /usr/bin/ntfs-3g binary (or the
libraries it calls) at least only local users belonging to the 'fuse' group
will be able to exploit it.

If the package gets updated in the future this will prevent the packaging
system from overriding the local changes, which will happen if you follow the
indications at http://www.tuxera.com/community/ntfs-3g-faq/#unprivileged

Regards

Javier

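An audit check for the override described in the message above, added here as an example and not part of the original message or the package. It assumes `dpkg-statoverride --list` prints `owner group mode path` lines and that GNU `stat -c '%U %G %a %n'` is available; the function names and the `--live` switch are hypothetical.

```shell
#!/bin/sh
# Added example: audit the root:fuse 4750 override on /usr/bin/ntfs-3g.
BIN=/usr/bin/ntfs-3g
WANT="root fuse 4750 $BIN"

# mode_findings MODE: print one finding per line for an octal mode string.
mode_findings() {
    m=$(printf '%04o' "0$1")          # normalise e.g. 755 -> 0755
    special=${m%???}                  # leading digit: setuid/setgid/sticky
    other=${m#???}                    # trailing digit: "other" permissions
    [ $(( special & 4 )) -ne 0 ] || echo "not-setuid"
    [ $(( other & 1 )) -eq 0 ] || echo "world-executable"
    [ $(( other & 2 )) -eq 0 ] || echo "world-writable"
}

# audit OVERRIDES STAT_LINE
#   OVERRIDES: output of `dpkg-statoverride --list`
#   STAT_LINE: output of `stat -c '%U %G %a %n' /usr/bin/ntfs-3g`
# Prints findings and returns non-zero if anything deviates from WANT.
audit() {
    overrides=$1; on_disk=$2; rc=0
    # Without a registered override, a package upgrade resets the mode.
    if ! printf '%s\n' "$overrides" | grep -qxF -- "$WANT"; then
        echo "override-missing"; rc=1
    fi
    # The file on disk must match the override exactly.
    if [ "$on_disk" != "$WANT" ]; then
        echo "on-disk-mismatch"; rc=1
    fi
    set -- $on_disk                   # split into: owner group mode path
    f=$(mode_findings "${3:-0}")
    [ -z "$f" ] || { echo "$f"; rc=1; }
    return $rc
}

# Constructed sample input: a plain chmod 4755 with no override registered.
SAMPLE_STAT="root root 4755 $BIN"

if [ "${1:-}" = "--live" ]; then
    # Query the running system instead of the constructed sample.
    audit "$(dpkg-statoverride --list 2>/dev/null)" \
          "$(stat -c '%U %G %a %n' "$BIN" 2>/dev/null)"
else
    audit "" "$SAMPLE_STAT" || true
fi
```

Run with `--live` as root on the system being checked; no output and exit status 0 mean the override is registered and the binary is setuid root, group fuse, with no access for other users.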