X-Loop: help-debbugs@HIDDEN
Subject: bug#46980: ntfs-3g and setuid root with an external FUSE library
Resent-From: Abdelhakim Qbaich <abdelhakim@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 07 Mar 2021 00:32:01 +0000
Resent-Message-ID: <handler.46980.B.161507706928316 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 46980
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 46980 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.161507706928316
(code B ref -1); Sun, 07 Mar 2021 00:32:01 +0000
Received: (at submit) by debbugs.gnu.org; 7 Mar 2021 00:31:09 +0000
Received: from localhost ([127.0.0.1]:38583 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lIhK8-0007Md-SN
for submit <at> debbugs.gnu.org; Sat, 06 Mar 2021 19:31:09 -0500
Received: from lists.gnu.org ([209.51.188.17]:55692)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <abdelhakim@HIDDEN>) id 1lIfLq-00041l-5K
for submit <at> debbugs.gnu.org; Sat, 06 Mar 2021 17:24:46 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:34172)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <abdelhakim@HIDDEN>)
id 1lIfLp-0001WQ-V7
for bug-guix@HIDDEN; Sat, 06 Mar 2021 17:24:45 -0500
Received: from out1.migadu.com ([91.121.223.63]:22133)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <abdelhakim@HIDDEN>)
id 1lIfLn-00005b-DT
for bug-guix@HIDDEN; Sat, 06 Mar 2021 17:24:45 -0500
Date: Sat, 6 Mar 2021 14:24:32 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qbaich.com; s=key1;
t=1615069477;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding;
bh=s/Knb+m2EwAsm5XyOnGmC4wfQYP9PloX1AaXyQHdaPw=;
b=Ln1KOjvWQSztLvnqr5cNrEktetz/Dsg3XsYKYD3xY0pDxyElFOUcuxohLDDQ9K0wA+JjjU
RjVBwEbuIBoxXwgbLlGzmZEhh9gXtOv1TwduKtRex626uzzdCiNZf//rRYPFwEpFxXN8bv
4ZTARCu3h7N1JQLOUgX/8tfXtd427prJUuz5C7R6BU8hgeo8K2ou7jYYUlglgSlgJ5Bc3+
zCYxf0jtobC1Ah0HEyyU5YNLQn0b9NZFsn4YbNL5laZ5ThfQD5plqke33YaELwaBwM9rMj
X4Rb4d5OBQflzsWF3QIQOEU4Z8pUS43ldtZraFFOoJYof3cz4jzty78iMe0kRA==
X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and
include these headers.
From: Abdelhakim Qbaich <abdelhakim@HIDDEN>
Message-ID: <20210306142432.5997158a@rome>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: abdelhakim@HIDDEN
Received-SPF: pass client-ip=91.121.223.63; envelope-from=abdelhakim@HIDDEN;
helo=out1.migadu.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Mailman-Approved-At: Sat, 06 Mar 2021 19:31:08 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)
Hi,
In the default set of desktop services, ntfs-3g is made setuid root:
> (simple-service 'mount-setuid-helpers setuid-program-service-type
> (list (file-append nfs-utils "/sbin/mount.nfs")
> (file-append ntfs-3g "/sbin/mount.ntfs-3g")))
However, as it is built with:
> "--with-fuse=external" ;use our own FUSE
Running mount.ntfs-3g yields:
> Mount is denied because setuid and setgid root ntfs-3g is insecure
> with the external FUSE library. Either remove the setuid/setgid bit
> from the binary or rebuild NTFS-3G with integrated FUSE support and
> make it setuid root.
--
Abdelhakim Qbaich
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Abdelhakim Qbaich <abdelhakim@HIDDEN> Subject: bug#46980: Acknowledgement (ntfs-3g and setuid root with an external FUSE library) Message-ID: <handler.46980.B.161507706928316.ack <at> debbugs.gnu.org> References: <20210306142432.5997158a@rome> X-Gnu-PR-Message: ack 46980 X-Gnu-PR-Package: guix Reply-To: 46980 <at> debbugs.gnu.org Date: Sun, 07 Mar 2021 00:32:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 46980 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 46980: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D46980 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#46980: ntfs-3g and setuid root with an external FUSE library
References: <20210306142432.5997158a@rome>
In-Reply-To: <20210306142432.5997158a@rome>
Resent-From: William <willbilly@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Mon, 04 Mar 2024 23:04:02 +0000
Resent-Message-ID: <handler.46980.B46980.17095934409189 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 46980
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 46980 <at> debbugs.gnu.org, abdelhakim@HIDDEN
Received: via spool by 46980-submit <at> debbugs.gnu.org id=B46980.17095934409189
(code B ref 46980); Mon, 04 Mar 2024 23:04:02 +0000
Received: (at 46980) by debbugs.gnu.org; 4 Mar 2024 23:04:00 +0000
Received: from localhost ([127.0.0.1]:45242 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1rhHLj-0002O4-1X
for submit <at> debbugs.gnu.org; Mon, 04 Mar 2024 18:04:00 -0500
Received: from fedora.email ([205.185.120.125]:43309)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <willbilly@HIDDEN>) id 1rhDz6-0007k4-Jh
for 46980 <at> debbugs.gnu.org; Mon, 04 Mar 2024 14:28:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fedora.email;
q=dns/txt; s=aug2020; bh=94rd0Fu8F/7skny1QpxoP8BBxOGnWvfrbpSfJb6wNNg=;
h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding;
b=buiABT8edIEdHyuz0NvfBF+fWgGDowWqMF8t+iUtJuf2xscAwOOQpLF4ttcfh5AHNVlqGeLwC
vUBSghCNm8qXByp5bGT0SahIuAeGoZrQcawDikPMkdWZ9Ho7o0KCoJg0LHHVsBMi+waTjR7/FbW
9meHoB3kTiO7EdFSApim3z4=
Received: from localhost ([185.242.251.193] 185.242.251.193-ip.operadors.cat)
(Authenticated sender: willbilly)
by fedora.email (ZoneMTA) with ESMTPSA id 18e0aefab870000176.001
for <46980 <at> debbugs.gnu.org>
(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
Mon, 04 Mar 2024 19:27:43 +0000
X-Zone-Loop: 0f55134c6f52d91224154c299f9540d476cd53da26c8
X-Originating-IP: [185.242.251.193]
Date: Mon, 4 Mar 2024 20:27:39 +0100
From: William <willbilly@HIDDEN>
Message-ID: <20240304202739.091706f9@HIDDEN>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.37; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Score: 3.5 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hello. Reminder that this issue is still a thing, I'm unable
to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE
kernel module and refuses to run with setuid right now. The only two possible
workarounds I can see is either manually mounting the partition after boot
as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support
enabled, and use the modif [...]
Content analysis details: (3.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[185.242.251.193 listed in zen.spamhaus.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Mailman-Approved-At: Mon, 04 Mar 2024 18:03:57 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Hello. Reminder that this issue is still a thing, I'm unable
to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE
kernel module and refuses to run with setuid right now. The only two possible
workarounds I can see is either manually mounting the partition after boot
as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support
enabled, and use the modif [...]
Content analysis details: (2.5 points, 10.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[185.242.251.193 listed in zen.spamhaus.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list
manager
Hello.
Reminder that this issue is still a thing, I'm unable to mount NTFS
partitions at boot because ntfs-3g relies on the external FUSE kernel
module and refuses to run with setuid right now.
The only two possible workarounds I can see is either manually mounting
the partition after boot as sudo/superuser, or compile ntfs-3g modified
locally with the FUSE support enabled, and use the modified version
instead.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.