GNU bug report logs - #46980
ntfs-3g and setuid root with an external FUSE library

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix; Reported by: Abdelhakim Qbaich <abdelhakim@HIDDEN>; dated Sun, 7 Mar 2021 00:32:01 UTC; Maintainer for guix is bug-guix@HIDDEN.

Message received at 46980 <at> debbugs.gnu.org:


Received: (at 46980) by debbugs.gnu.org; 4 Mar 2024 23:04:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Mar 04 18:04:00 2024
Received: from localhost ([127.0.0.1]:45242 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rhHLj-0002O4-1X
	for submit <at> debbugs.gnu.org; Mon, 04 Mar 2024 18:04:00 -0500
Received: from fedora.email ([205.185.120.125]:43309)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <willbilly@HIDDEN>) id 1rhDz6-0007k4-Jh
 for 46980 <at> debbugs.gnu.org; Mon, 04 Mar 2024 14:28:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fedora.email;
 q=dns/txt; s=aug2020; bh=94rd0Fu8F/7skny1QpxoP8BBxOGnWvfrbpSfJb6wNNg=;
 h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding;
 b=buiABT8edIEdHyuz0NvfBF+fWgGDowWqMF8t+iUtJuf2xscAwOOQpLF4ttcfh5AHNVlqGeLwC
 vUBSghCNm8qXByp5bGT0SahIuAeGoZrQcawDikPMkdWZ9Ho7o0KCoJg0LHHVsBMi+waTjR7/FbW
 9meHoB3kTiO7EdFSApim3z4=
Received: from localhost ([185.242.251.193] 185.242.251.193-ip.operadors.cat)
 (Authenticated sender: willbilly)
 by fedora.email (ZoneMTA) with ESMTPSA id 18e0aefab870000176.001
 for <46980 <at> debbugs.gnu.org>
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);
 Mon, 04 Mar 2024 19:27:43 +0000
X-Zone-Loop: 0f55134c6f52d91224154c299f9540d476cd53da26c8
X-Originating-IP: [185.242.251.193]
Date: Mon, 4 Mar 2024 20:27:39 +0100
From: William <willbilly@HIDDEN>
To: 46980 <at> debbugs.gnu.org, abdelhakim@HIDDEN
Subject: ntfs-3g and setuid root with an external FUSE library
Message-ID: <20240304202739.091706f9@HIDDEN>
X-Mailer: Claws Mail 4.1.1 (GTK 3.24.37; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spam-Score: 3.5 (+++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  Hello. Reminder that this issue is still a thing, I'm unable
 to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE
 kernel module and refuses to run with setuid right now. The only two possible
 workarounds I can see is either manually mounting the partition after boot
 as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support
 enabled, and use the modif [...] 
 Content analysis details:   (3.5 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
 [185.242.251.193 listed in zen.spamhaus.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-Debbugs-Envelope-To: 46980
X-Mailman-Approved-At: Mon, 04 Mar 2024 18:03:57 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 2.5 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Hello. Reminder that this issue is still a thing, I'm unable
    to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE
    kernel module and refuses to run with setuid right now. The only two possible
    workarounds I can see is either manually mounting the partition after boot
    as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support
    enabled, and use the modif [...] 
 
 Content analysis details:   (2.5 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  3.6 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                             [185.242.251.193 listed in zen.spamhaus.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Hello.

Reminder that this issue is still a thing, I'm unable to mount NTFS
partitions at boot because ntfs-3g relies on the external FUSE kernel
module and refuses to run with setuid right now.

The only two possible workarounds I can see is either manually mounting
the partition after boot as sudo/superuser, or compile ntfs-3g modified
locally with the FUSE support enabled, and use the modified version
instead.




Information forwarded to bug-guix@HIDDEN:
bug#46980; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 7 Mar 2021 00:31:09 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Sat Mar 06 19:31:09 2021
Received: from localhost ([127.0.0.1]:38583 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1lIhK8-0007Md-SN
	for submit <at> debbugs.gnu.org; Sat, 06 Mar 2021 19:31:09 -0500
Received: from lists.gnu.org ([209.51.188.17]:55692)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <abdelhakim@HIDDEN>) id 1lIfLq-00041l-5K
 for submit <at> debbugs.gnu.org; Sat, 06 Mar 2021 17:24:46 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:34172)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <abdelhakim@HIDDEN>)
 id 1lIfLp-0001WQ-V7
 for bug-guix@HIDDEN; Sat, 06 Mar 2021 17:24:45 -0500
Received: from out1.migadu.com ([91.121.223.63]:22133)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <abdelhakim@HIDDEN>)
 id 1lIfLn-00005b-DT
 for bug-guix@HIDDEN; Sat, 06 Mar 2021 17:24:45 -0500
Date: Sat, 6 Mar 2021 14:24:32 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qbaich.com; s=key1;
 t=1615069477;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=s/Knb+m2EwAsm5XyOnGmC4wfQYP9PloX1AaXyQHdaPw=;
 b=Ln1KOjvWQSztLvnqr5cNrEktetz/Dsg3XsYKYD3xY0pDxyElFOUcuxohLDDQ9K0wA+JjjU
 RjVBwEbuIBoxXwgbLlGzmZEhh9gXtOv1TwduKtRex626uzzdCiNZf//rRYPFwEpFxXN8bv
 4ZTARCu3h7N1JQLOUgX/8tfXtd427prJUuz5C7R6BU8hgeo8K2ou7jYYUlglgSlgJ5Bc3+
 zCYxf0jtobC1Ah0HEyyU5YNLQn0b9NZFsn4YbNL5laZ5ThfQD5plqke33YaELwaBwM9rMj
 X4Rb4d5OBQflzsWF3QIQOEU4Z8pUS43ldtZraFFOoJYof3cz4jzty78iMe0kRA==
X-Report-Abuse: Please report any abuse attempt to abuse@HIDDEN and
 include these headers.
From: Abdelhakim Qbaich <abdelhakim@HIDDEN>
To: bug-guix@HIDDEN
Subject: ntfs-3g and setuid root with an external FUSE library
Message-ID: <20210306142432.5997158a@rome>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Migadu-Flow: FLOW_OUT
X-Migadu-Auth-User: abdelhakim@HIDDEN
Received-SPF: pass client-ip=91.121.223.63; envelope-from=abdelhakim@HIDDEN;
 helo=out1.migadu.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Sat, 06 Mar 2021 19:31:08 -0500
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

Hi,

In the default set of desktop services, ntfs-3g is made setuid root:

> (simple-service 'mount-setuid-helpers setuid-program-service-type
>                 (list (file-append nfs-utils "/sbin/mount.nfs")
>                       (file-append ntfs-3g "/sbin/mount.ntfs-3g")))

However, as it is built with:

> "--with-fuse=external" ;use our own FUSE

Running mount.ntfs-3g yields:

> Mount is denied because setuid and setgid root ntfs-3g is insecure
> with the external FUSE library. Either remove the setuid/setgid bit
> from the binary or rebuild NTFS-3G with integrated FUSE support and
> make it setuid root.

-- 
Abdelhakim Qbaich




Acknowledgement sent to Abdelhakim Qbaich <abdelhakim@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-guix@HIDDEN. Full text available.
Report forwarded to bug-guix@HIDDEN:
bug#46980; Package guix. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Mon, 4 Mar 2024 23:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.