ntfs-3g and setuid root with an external FUSE library

  • Open
  • quality assurance status badge
Details
2 participants
  • Abdelhakim Qbaich
  • William
Owner
unassigned
Submitted by
Abdelhakim Qbaich
Severity
normal
A
A
Abdelhakim Qbaich wrote on 6 Mar 2021 23:24
(address . bug-guix@gnu.org)
20210306142432.5997158a@rome
Hi,

In the default set of desktop services, ntfs-3g is made setuid root:

Toggle quote (4 lines)
> (simple-service 'mount-setuid-helpers setuid-program-service-type
> (list (file-append nfs-utils "/sbin/mount.nfs")
> (file-append ntfs-3g "/sbin/mount.ntfs-3g")))

However, as it is built with:

Toggle quote (2 lines)
> "--with-fuse=external" ;use our own FUSE

Running mount.ntfs-3g yields:

Toggle quote (5 lines)
> Mount is denied because setuid and setgid root ntfs-3g is insecure
> with the external FUSE library. Either remove the setuid/setgid bit
> from the binary or rebuild NTFS-3G with integrated FUSE support and
> make it setuid root.

--
Abdelhakim Qbaich
W
W
William wrote on 4 Mar 20:27 +0100
20240304202739.091706f9@fedora.email
Hello.

Reminder that this issue is still a thing, I'm unable to mount NTFS
partitions at boot because ntfs-3g relies on the external FUSE kernel
module and refuses to run with setuid right now.

The only two possible workarounds I can see is either manually mounting
the partition after boot as sudo/superuser, or compile ntfs-3g modified
locally with the FUSE support enabled, and use the modified version
instead.
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send an email to 46980@debbugs.gnu.org

To respond to this issue using the mumi CLI, first switch to it
mumi current 46980
Then, you may apply the latest patchset in this issue (with sign off)
mumi am -- -s
Or, compose a reply to this issue
mumi compose
Or, send patches to this issue
mumi send-email *.patch