Bug#631504: confused about this bug report

2016-04-20 Thread Faheem Mitha 


Hi,

I'm using Debian jessie/stable.

I see that there was much discussion about using the internal FUSE 
library, which finally did happen before jessie, and I confirmed that the 
jessie version *is* using the internal version. But mounting as user is 
still not working for me. I get


mount /mnt/passport/
Error opening '/dev/sde1': Permission denied
Failed to mount '/dev/sde1': Permission denied
Please check '/dev/sde1' and the ntfs-3g binary permissions,
and the mounting user ID. More explanation is provided at
http://tuxera.com/community/ntfs-3g-faq/#unprivileged

I have the following in my /etc/fstab

UUID="4E1AEA7B1AEA6007" /mnt/passport  autorw,user,noauto  0   0

Can anyone help me out? Thanks.

 Regards, Faheem Mitha

Bug#631504: ntfs-3g: unusable for non-root users with or without setuid

2015-09-13 Thread Andreas Beckmann 
What's the status of this bug in jessie/stretch?
It has been fixed in wheezy at some point, but is it still relevant for
newer releases?


Andreas

Bug#631504:

2014-03-31 Thread fbayer 
Same bug here for me.
Fresh wheezy stable lxde install from usb harddisk.
Needed to remove /mnt/usb0 line from fstab to make usb mounting work.

Bug#631504: (no subject)

2014-03-23 Thread Bodo Eggert 
I have to agree with Klaus Knopper. This is ridiculous. Just because you 
think internalizing the library would 
be insecure, all the users are forced to write C wrappers or compile their 
own ntfs-3g, which bosth will in effect be WAY LESS SECURE, because of the 
very reasons you are trying to avoid:

1) People will inexperiencedly make it work. They are mostly worse than 
you at keeping things secure. You can tell yourself that it wasn't you, 
but it was you who made the people fix the problem you created by shipping 
a broken ntfs-3g.

2) Homebuild ntfs-3g versions aren't updated with the system, leaving the 
system to be vulnerable after fuse's bugs are patched in the repository.

3) Wrappers will tear holes because they cause security checks in ntfs-3g 
to be skipped, and they will possibly tear open all the holes you are 
also trying to keep shut.


Here is my suid wrapper, just to eliminate any doubt that YOUR 
NON-SOLUTION of this bug WILL CREATE SECURITY RISKS for every user:

#include stdlib.h
#include string.h
int main(int argc, char* argv[]){
char* prog = malloc(strlen(argv[0])+5);
strcpy(prog, argv[0]);
strcat(prog, .bin);
int uid=geteuid();
setuid(uid);
execvp(prog, argv);
exit(127);
}

I'd bet you can find a security risk there besides the fact that it 
eliminates the ntfs-3g security checks and alters the defaults.

PS: I don't have any USB drives in /etc/fstab.

My version of Debian:
deb cdrom:[Debian GNU/Linux 7.3.0 _Wheezy_ - Official amd64 NETINST 
Binary-1 20131215-04:55]/ wheezy main


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504:

2013-10-01 Thread Kelvin Luu 
Just wanted to add that this bug is still active in Debian 7.1.


With a Verbatim 1TB HD I was able to mount and manipulate files. After removing 
the external drive and then plugging it back in it came up with the 
unprivileged user error. Commenting out the mentioned USB lines did solve the 
problem. Installation was through USB net install.

Bug#631504: Fwd: Re: unusable for non-root users with or without setuid

2013-08-22 Thread basti 
Hi,
same behavior like Message #115.

basti


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: unusable for non-root users with or without setuid

2013-06-06 Thread Łukasz Korczyk 
Hi, 
I'm confirming, bug still exist in freshly installed from usb stick
wheezy after it become stable.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: unusable for non-root users with or without setuid

2013-05-29 Thread Mike Roddewig 
Package: ntfs-3g
Version: 1:2013.1.13AR.1-2
Followup-For: Bug #631504

Dear Maintainer,

There appears to be a regression of this bug in Jessie, when trying to
automount an external NTFS drive in Gnome I received the first error
Unprivileged user can not mount NTFS block devices using the external FUSE
library. [...] with setuid unset, received the second error Mount is denied
because setuid and setgid root ntfs-3g is insecure with the
external FUSE library. with setuid set.



-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ntfs-3g depends on:
ii  debconf [debconf-2.0]  1.5.50
ii  fuse   2.9.0-2+deb7u1
ii  libc6  2.17-3
ii  libfuse2   2.9.0-2+deb7u1
ii  libgcrypt111.5.0-5
ii  libgnutls262.12.20-6
ii  multiarch-support  2.17-3

ntfs-3g recommends no packages.

ntfs-3g suggests no packages.

-- debconf information:
* ntfs-3g/setuid-root: true
* ntfs-3g/initramfs: true


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: unusable for non-root users with or without setuid

2013-02-04 Thread CruX 
Package: ntfs-3g
Version: 1:2012.1.15AR.5-2.1
Followup-For: Bug #631504

Dear Maintainer,

I added information to an installation report [1] which confirms this bug, at 
least in a freshly installed system.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646795#58

-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (700, 'testing'), (600, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.7-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ntfs-3g depends on:
ii  debconf [debconf-2.0]  1.5.49
ii  fuse   2.9.0-2+deb7u1
ii  libc6  2.13-37
ii  libfuse2   2.9.0-2+deb7u1
ii  libgcrypt111.5.0-3
ii  libgnutls262.12.20-2
ii  multiarch-support  2.13-37

ntfs-3g recommends no packages.

ntfs-3g suggests no packages.

-- debconf information:
  ntfs-3g/setuid-root: false
  ntfs-3g/initramfs: true


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: Unable to mount external USB devices -- Wheezy KDE

2012-10-18 Thread Jonathan Dotson 
I can confirm that deleting the usb device entry from fstab will fix the
issue (in my case anyway).

Bug#631504: Works with Internal Fuse

2012-06-29 Thread Paul Jones 
Just confirming that this does work if you supply -with-fuse=internal in 
the configuration options in the rules file. The patch supplied earlier 
does not work.


I suspect that it's best to use the internal fuse because i do suspect 
it has key differences from the standard fuse as stated earlier.




--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: ntfs-3g needs to be compiled with --with-fuse=internal and installed setuid root

2012-06-14 Thread Klaus Knopper 
Package: ntfs-3g
Version: 1:2012.1.15AR.5-1
Severity: normal


The error message caused by unprovileged ntfs-3g mount tells the
solution from the upstream documentation, see
http://tuxera.com/community/ntfs-3g-faq/#unprivileged

Using external fuse in setuid root programs is considered insecure by
upstream, so user mount is disabled when compiling with
--with-fuse=external. Recompiling with --with-fuse=internal and installing 
setuid
root as described on the tuxera website fixes the problem.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.4.2 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ntfs-3g depends on:
ii  debconf [debconf-2.0] 1.5.41 Debian configuration management sy
ii  fuse  2.8.6-4Filesystem in Userspace
ii  libc6 2.13-24Embedded GNU C Library: Shared lib
ii  libfuse2  2.8.6-4Filesystem in Userspace (library)
ii  libgcrypt11   1.5.0-3LGPL Crypto library - runtime libr
ii  libgnutls26   2.12.18-1  GNU TLS library - runtime library
ii  libuuid1  2.17.2-9   Universally Unique ID library
ii  multiarch-support 2.13-24Transitional package to ensure mul

ntfs-3g recommends no packages.

ntfs-3g suggests no packages.

-- debconf information:
  ntfs-3g/setuid-root: false
  ntfs-3g/initramfs: true


-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'stable-updates'), (500, 'unstable'), 
(500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.4.2 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ntfs-3g depends on:
ii  debconf [debconf-2.0] 1.5.41 Debian configuration management sy
ii  fuse  2.8.6-4Filesystem in Userspace
ii  libc6 2.13-24Embedded GNU C Library: Shared lib
ii  libfuse2  2.8.6-4Filesystem in Userspace (library)
ii  libgcrypt11   1.5.0-3LGPL Crypto library - runtime libr
ii  libgnutls26   2.12.18-1  GNU TLS library - runtime library
ii  libuuid1  2.17.2-9   Universally Unique ID library
ii  multiarch-support 2.13-24Transitional package to ensure mul

ntfs-3g recommends no packages.

ntfs-3g suggests no packages.

-- debconf information:
  ntfs-3g/setuid-root: false
  ntfs-3g/initramfs: true



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: ntfs-3g needs to be compiled with --with-fuse=internal and installed setuid root

2012-06-14 Thread Daniel Baumann 
reopen 631504
reopen 637805
thanks

On 06/14/2012 10:48 PM, Daniel Baumann wrote:
 see the other bug reports about this where i've commented on the issue.

sorry, i though you opened a new bug.. anyhow, you've seen the reasoning
for not building ntfs-3g with internal fuse.

-- 
Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:  daniel.baum...@progress-technologies.net
Internet:   http://people.progress-technologies.net/~daniel.baumann/



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: ntfs-3g needs to be compiled with --with-fuse=internal and installed setuid root

2012-06-14 Thread Klaus Knopper 
Hello Daniel,

On Thu, Jun 14, 2012 at 10:55:01PM +0200, Daniel Baumann wrote:
 reopen 631504
 reopen 637805
 thanks
 
 On 06/14/2012 10:48 PM, Daniel Baumann wrote:
  see the other bug reports about this where i've commented on the issue.
 
 sorry, i though you opened a new bug.. anyhow, you've seen the reasoning
 for not building ntfs-3g with internal fuse.

Actually, I didn't see it, sorry. reportbug is somewhat unintitive,
apparently I just read the primary error descriptions and answered them.
Using the WWW variant now.

You probably mean this:

 security reasons and no code-duplication. the remaining issues with
 using the systems fuse should be fixed in the code, the internal one is
 not an acceptable workaround.

I strongly disagree with you in the point of view that using ntfs-3gs
internal fuse implementation would be a security problem or just a
workaround. I understand that the author of ntfs-3g considers it a
security issue if a setuid program relies on a potentially insecure
external library. I can see his point, that using the internal fuse of
ntfs-3g would actually increase security by reducing an entry point for
attacks and makes ntfs-3g more atomic.

About code duplication: Have you actually checked if the internal fuse
code is identical to the external one? I don't think it is. Even if it
wastes a few bytes, I would rather trust the ntfs-3g authors fuse
implementation because he designed ntfs-3g secure enough to allow it
running as root with careful permission checks. If the external fuse
libs get upgraded, this does not mean it is wise to also upgrade
ntfs-3gs internal fuse implementation as well.

At this point, I would now have to use a fork of ntfs-3g again, since
normal users should be able to mount NTFS volumes without having to
explicitly gain root access. With the current official package, this is
not possible, and there is no working desktop integration of the ntfs-3g
suite because of the privilege issues.

Regards
-Klaus



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504:

2012-06-06 Thread Johan Kröckel 
I had the same problem with the strange lines in fstab and I know why:
because I installed using an usb-stick and the installer added its
partitions to fstab. So I think it's an installer bug...



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504:

2012-06-06 Thread Johan Kröckel 
And btw the installer did not add my default user to group fuse, but I
solved that problem before.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: (no subject)

2012-05-18 Thread Michal Wirth 
Hi,

I had recently the same problem with my new wheezy install (upgraded from 
squeeze). There were 
those external FUSE library complaints (mentioned above) while mounting NTFS 
USB flashdrive.

I've tried to build my own version of ntfs-3g package with 
--with-fuse=internal flag enabled in 
the rules file. But it didn't work for me either. There were some permission 
denied errors while 
opening the /dev/sdb1 device during mount. But device permissions seemed OK to 
me.

Later I've noticed that in /etc/fstab file was a /dev/sdb1 /media/usb0 auto 
rw,user,noauto 0 0 
line. I've tried to remove this strange line (I don't know how it got there) 
and it helped. Now 
mounting of NTFS drives works just fine (even with distribution version of 
ntfs-3g package).

May be that this will work for you too.

Bye,

Michal Wirth




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: Push the solution forward

2012-01-19 Thread Brian Hansen 
Why hasn't this been pushed forward to Squeeze?

It's really annoying!



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: Push the solution forward

2012-01-19 Thread Daniel Baumann 
On 01/19/2012 10:13 AM, Brian Hansen wrote:
 Why hasn't this been pushed forward to Squeeze?

because it would first need to be fixed in sid, for starters, and as
pointed out, the proposed 'solution' is not an acceptable solution.

 It's really annoying!

patches welcome.

-- 
Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:  daniel.baum...@progress-technologies.net
Internet:   http://people.progress-technologies.net/~daniel.baumann/



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: ntfs-3g: unusable for non-root users with or without setuid

2011-08-05 Thread Christophe Monniez 
Tags: patch

Removing --with-fuse=external or replacing it with
--with-fuse=internal in the configuration part of the rules files
solves the problem.

Is there a reason to use the external fuse library instead of the
ntfs-3g internal one ?

-- 
Christophe Monniez christophe.monn...@fccu.be
--- rules.orig	1970-01-01 01:00:00.0 +0100
+++ rules	2011-08-05 08:41:57.0 +0200
@@ -0,0 +1,97 @@
+#!/usr/bin/make -f
+
+SHELL := sh -e
+
+DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
+DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+	CFLAGS += -O0
+else
+	CFLAGS += -O2
+endif
+ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+NUMJOBS = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
+MAKEFLAGS += -j$(NUMJOBS)
+endif
+
+upstream:
+	lynx -dump http://b.andre.pagesperso-orange.fr/changelog.html  debian/local/changelog
+
+%:
+	dh ${@} --with autotools_dev
+
+override_dh_auto_configure:
+	dh_auto_configure --	--host=$(DEB_HOST_GNU_TYPE) \
+--build=$(DEB_BUILD_GNU_TYPE) \
+--prefix=/usr \
+--exec-prefix=/ \
+--mandir=\$${prefix}/share/man \
+--enable-crypto \
+--enable-extras \
+--enable-posix-acls \
+--enable-xattr-mappings \
+--disable-ldconfig \
+--with-fuse=internal \
+CFLAGS=$(CFLAGS) \
+LDFLAGS=-Wl,-z,defs
+
+override_dh_auto_install:
+	dh_auto_install
+
+	# adding initramfs-tools integration
+	install -D -m 0755 debian/local/ntfs-3g.hook debian/ntfs-3g/usr/share/initramfs-tools/hooks/ntfs_3g
+	install -D -m 0755 debian/local/ntfs-3g.local-premount debian/ntfs-3g/usr/share/initramfs-tools/scripts/local-premount/ntfs_3g
+	install -D -m 0755 debian/local/ntfs-3g.local-bottom debian/ntfs-3g/usr/share/initramfs-tools/scripts/local-bottom/ntfs_3g
+
+	# removing unused files
+	rm -f debian/tmp/lib/*.la
+
+	# removing rpath
+	for _PROGRAM in \
+		bin/lowntfs-3g \
+		bin/ntfs-3g \
+		bin/ntfs-3g.probe \
+		bin/ntfs-3g.secaudit \
+		bin/ntfs-3g.usermap \
+		bin/ntfscat \
+		bin/ntfscluster \
+		bin/ntfscmp \
+		bin/ntfsck \
+		bin/ntfsdecrypt \
+		bin/ntfsdump_logfile \
+		bin/ntfsfix \
+		bin/ntfsinfo \
+		bin/ntfsls \
+		bin/ntfsmftalloc \
+		bin/ntfsmove \
+		bin/ntfstruncate \
+		bin/ntfswipe \
+		sbin/mkntfs \
+		sbin/ntfsclone \
+		sbin/ntfscp \
+		sbin/ntfslabel \
+		sbin/ntfsresize \
+		sbin/ntfsundelete; \
+	do \
+		chrpath --delete debian/tmp/$${_PROGRAM}; \
+	done
+
+override_dh_installchangelogs:
+	dh_installchangelogs debian/local/changelog
+
+override_dh_install:
+	dh_install --fail-missing
+
+override_dh_link:
+	rm -rf debian/ntfs-3g-dev/usr/share/doc
+
+	# correcting symlink target
+	dh_link -pntfs-3g-dev lib/$$(basename $$(readlink debian/tmp/usr/lib/libntfs-3g.so)) usr/lib/libntfs-3g.so
+
+	dh_link --remaining-packages
+
+override_dh_strip:
+	dh_strip --dbg-package=ntfs-3g-dbg

Bug#631504: ntfs-3g: unusable for non-root users with or without setuid

2011-08-05 Thread Daniel Baumann 
tag 631504 - patch
thanks

On 08/05/2011 09:21 AM, Christophe Monniez wrote:
 Is there a reason to use the external fuse library instead of the
 ntfs-3g internal one ?

security reasons and no code-duplication. the remaining issues with
using the systems fuse should be fixed in the code, the internal one is
not an acceptable workaround.

-- 
Address:Daniel Baumann, Donnerbuehlweg 3, CH-3012 Bern
Email:  daniel.baum...@progress-technologies.net
Internet:   http://people.progress-technologies.net/~daniel.baumann/



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#631504: ntfs-3g: unusable for non-root users with or without setuid

2011-06-24 Thread Johannes Rohr 
Package: ntfs-3g
Version: 1:2011.1.15AR.4+2011.4.12-2
Severity: normal


Mounting NTFS volumes through gvfs currently fails with an error from ntfs-3g


Error mounting: mount exited with exit code 1: helper failed with:
Unprivileged user can not mount NTFS block devices using the external FUSE
library. Either mount the volume as root, or rebuild NTFS-3G with integrated
FUSE support and make it setuid root. Please see more information at
http://ntfs-3g.org/support.html#unprivileged

after reconfiguring it to use setuit root, the error message changes to:

Error mounting: mount exited with exit code 1: helper failed with:
Mount is denied because setuid and setgid root ntfs-3g is insecure with the
external FUSE library. Either remove the setuid/setgid bit from the binary
or rebuild NTFS-3G with integrated FUSE support and make it setuid root.
Please see more information at http://ntfs-3g.org/support.html#unprivileged

So it is currently unusable either way


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.39-2-686-pae (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ntfs-3g depends on:
ii  debconf [deb 1.5.39  Debian configuration management sy
ii  fuse-utils   2.8.5-3 Filesystem in Userspace (transitio
ii  libc62.13-7  Embedded GNU C Library: Shared lib
ii  libfuse2 2.8.5-3 Filesystem in Userspace (library)
ii  libntfs-3g80 1:2011.1.15AR.4+2011.4.12-2 read-write NTFS driver for FUSE (l

ntfs-3g recommends no packages.

ntfs-3g suggests no packages.

-- debconf information:
* ntfs-3g/setuid-root: false



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org