From unknown Sat Sep 13 08:55:34 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#46980 <46980@debbugs.gnu.org> To: bug#46980 <46980@debbugs.gnu.org> Subject: Status: ntfs-3g and setuid root with an external FUSE library Reply-To: bug#46980 <46980@debbugs.gnu.org> Date: Sat, 13 Sep 2025 15:55:34 +0000 retitle 46980 ntfs-3g and setuid root with an external FUSE library reassign 46980 guix submitter 46980 Abdelhakim Qbaich severity 46980 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 06 19:31:09 2021 Received: (at submit) by debbugs.gnu.org; 7 Mar 2021 00:31:09 +0000 Received: from localhost ([127.0.0.1]:38583 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lIhK8-0007Md-SN for submit@debbugs.gnu.org; Sat, 06 Mar 2021 19:31:09 -0500 Received: from lists.gnu.org ([209.51.188.17]:55692) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lIfLq-00041l-5K for submit@debbugs.gnu.org; Sat, 06 Mar 2021 17:24:46 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:34172) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lIfLp-0001WQ-V7 for bug-guix@gnu.org; Sat, 06 Mar 2021 17:24:45 -0500 Received: from out1.migadu.com ([91.121.223.63]:22133) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lIfLn-00005b-DT for bug-guix@gnu.org; Sat, 06 Mar 2021 17:24:45 -0500 Date: Sat, 6 Mar 2021 14:24:32 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qbaich.com; s=key1; t=1615069477; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=s/Knb+m2EwAsm5XyOnGmC4wfQYP9PloX1AaXyQHdaPw=; b=Ln1KOjvWQSztLvnqr5cNrEktetz/Dsg3XsYKYD3xY0pDxyElFOUcuxohLDDQ9K0wA+JjjU RjVBwEbuIBoxXwgbLlGzmZEhh9gXtOv1TwduKtRex626uzzdCiNZf//rRYPFwEpFxXN8bv 4ZTARCu3h7N1JQLOUgX/8tfXtd427prJUuz5C7R6BU8hgeo8K2ou7jYYUlglgSlgJ5Bc3+ zCYxf0jtobC1Ah0HEyyU5YNLQn0b9NZFsn4YbNL5laZ5ThfQD5plqke33YaELwaBwM9rMj X4Rb4d5OBQflzsWF3QIQOEU4Z8pUS43ldtZraFFOoJYof3cz4jzty78iMe0kRA== X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. From: Abdelhakim Qbaich To: bug-guix@gnu.org Subject: ntfs-3g and setuid root with an external FUSE library Message-ID: <20210306142432.5997158a@rome> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: abdelhakim@qbaich.com Received-SPF: pass client-ip=91.121.223.63; envelope-from=abdelhakim@qbaich.com; helo=out1.migadu.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.4 (-) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Sat, 06 Mar 2021 19:31:08 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.4 (--) Hi, In the default set of desktop services, ntfs-3g is made setuid root: > (simple-service 'mount-setuid-helpers setuid-program-service-type > (list (file-append nfs-utils "/sbin/mount.nfs") > (file-append ntfs-3g "/sbin/mount.ntfs-3g"))) However, as it is built with: > "--with-fuse=external" ;use our own FUSE Running mount.ntfs-3g yields: > Mount is denied because setuid and setgid root ntfs-3g is insecure > with the external FUSE library. Either remove the setuid/setgid bit > from the binary or rebuild NTFS-3G with integrated FUSE support and > make it setuid root. -- Abdelhakim Qbaich From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 04 18:04:00 2024 Received: (at 46980) by debbugs.gnu.org; 4 Mar 2024 23:04:00 +0000 Received: from localhost ([127.0.0.1]:45242 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rhHLj-0002O4-1X for submit@debbugs.gnu.org; Mon, 04 Mar 2024 18:04:00 -0500 Received: from fedora.email ([205.185.120.125]:43309) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rhDz6-0007k4-Jh for 46980@debbugs.gnu.org; Mon, 04 Mar 2024 14:28:25 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fedora.email; q=dns/txt; s=aug2020; bh=94rd0Fu8F/7skny1QpxoP8BBxOGnWvfrbpSfJb6wNNg=; h=from:subject:date:message-id:to:mime-version:content-type:content-transfer-encoding; b=buiABT8edIEdHyuz0NvfBF+fWgGDowWqMF8t+iUtJuf2xscAwOOQpLF4ttcfh5AHNVlqGeLwC vUBSghCNm8qXByp5bGT0SahIuAeGoZrQcawDikPMkdWZ9Ho7o0KCoJg0LHHVsBMi+waTjR7/FbW 9meHoB3kTiO7EdFSApim3z4= Received: from localhost ([185.242.251.193] 185.242.251.193-ip.operadors.cat) (Authenticated sender: willbilly) by fedora.email (ZoneMTA) with ESMTPSA id 18e0aefab870000176.001 for <46980@debbugs.gnu.org> (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384); Mon, 04 Mar 2024 19:27:43 +0000 X-Zone-Loop: 0f55134c6f52d91224154c299f9540d476cd53da26c8 X-Originating-IP: [185.242.251.193] Date: Mon, 4 Mar 2024 20:27:39 +0100 From: William To: 46980@debbugs.gnu.org, abdelhakim@qbaich.com Subject: ntfs-3g and setuid root with an external FUSE library Message-ID: <20240304202739.091706f9@fedora.email> X-Mailer: Claws Mail 4.1.1 (GTK 3.24.37; x86_64-pc-linux-gnu) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Score: 3.5 (+++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello. Reminder that this issue is still a thing, I'm unable to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE kernel module and refuses to run with setuid right now. The only two possible workarounds I can see is either manually mounting the partition after boot as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support enabled, and use the modif [...] Content analysis details: (3.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS [185.242.251.193 listed in zen.spamhaus.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Debbugs-Envelope-To: 46980 X-Mailman-Approved-At: Mon, 04 Mar 2024 18:03:57 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 2.5 (++) X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Hello. Reminder that this issue is still a thing, I'm unable to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE kernel module and refuses to run with setuid right now. The only two possible workarounds I can see is either manually mounting the partition after boot as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support enabled, and use the modif [...] Content analysis details: (2.5 points, 10.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS [185.242.251.193 listed in zen.spamhaus.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. -1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list manager Hello. Reminder that this issue is still a thing, I'm unable to mount NTFS partitions at boot because ntfs-3g relies on the external FUSE kernel module and refuses to run with setuid right now. The only two possible workarounds I can see is either manually mounting the partition after boot as sudo/superuser, or compile ntfs-3g modified locally with the FUSE support enabled, and use the modified version instead.