[Bug 308867] New: Windows NTFS disks not mounted
https://bugzilla.novell.com/show_bug.cgi?id=308867 Summary: Windows NTFS disks not mounted Product: openSUSE 10.3 Version: Beta 2 Platform: x86-64 OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: trofimich@gmail.com QAContact: qa@suse.de Found By: Beta-Customer Created an attachment (id=162825) --> (https://bugzilla.novell.com/attachment.cgi?id=162825) Screenshot I've installed OpenSuse 10.3 Beta 2 on disk with Windows partitions (all updates before september 8 unstalled too). I have 3 windows disks: two NTFS and one FAT32. FAT32 disk mounted without problems. Both NTFS disks shown as not mounted after SUSE loaded. I use KDE 3.5.7. When i select "Mount" from popup menu, i've got an error: "Error opening partition device: Access denied" If i enter in KDE under root, than mounting works (working with disks too slow, but this is other question). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c1 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO Info Provider| |trofimich@gmail.com --- Comment #1 from Andreas Jaeger <aj@novell.com> 2007-09-10 11:51:37 MST --- Please add /etc/fstab and the YaST logfiles (see http://en.opensuse.org/Bugs/YaST). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c2 --- Comment #2 from Alexander Tyutik <trofimich@gmail.com> 2007-09-11 15:29:53 MST --- /dev/disk/by-id/scsi-SATA_ST3320620AS_3QF0YQ55-part8 / ext3 acl,user_xattr 1 1 /dev/disk/by-id/scsi-SATA_ST3320620AS_3QF0YQ55-part9 /archive ext3 acl,user_xattr 1 2 /dev/disk/by-id/scsi-SATA_ST3320620AS_3QF0YQ55-part1 /windows/C ntfs-3g users,gid=users,umask=0002,nls=utf8,locale=ru_RU.UTF-8 0 0 /dev/disk/by-id/scsi-SATA_ST3320620AS_3QF0YQ55-part5 /windows/D ntfs-3g users,gid=users,umask=0002,nls=utf8,locale=ru_RU.UTF-8 0 0 /dev/disk/by-id/scsi-SATA_ST3320620AS_3QF0YQ55-part6 /windows/E vfat users,gid=users,umask=0002,utf8=true 0 0 /dev/disk/by-id/scsi-SATA_ST3320620AS_3QF0YQ55-part7 swap swap defaults 0 0 proc /proc proc defaults 0 0 sysfs /sys sysfs noauto 0 0 debugfs /sys/kernel/debug debugfs noauto 0 0 usbfs /proc/bus/usb usbfs noauto 0 0 devpts /dev/pts devpts mode=0620,gid=5 0 0 /dev/fd0 /media/floppy auto noauto,user,sync 0 0 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c3 --- Comment #3 from Alexander Tyutik <trofimich@gmail.com> 2007-09-11 16:12:38 MST --- Created an attachment (id=163379) --> (https://bugzilla.novell.com/attachment.cgi?id=163379) Yast logs part 1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c4 --- Comment #4 from Alexander Tyutik <trofimich@gmail.com> 2007-09-11 16:20:28 MST --- Created an attachment (id=163381) --> (https://bugzilla.novell.com/attachment.cgi?id=163381) Yast logs part 2 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 Cyril Hrubis <chrubis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |fehr@novell.com Status|NEEDINFO |NEW Info Provider|trofimich@gmail.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c5 Thomas Fehr <fehr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fehr@novell.com AssignedTo|fehr@novell.com |bk@novell.com --- Comment #5 from Thomas Fehr <fehr@novell.com> 2007-09-12 04:36:42 MST --- Bernd this seems to be a problem of xtfs-3g not honoring the "users" flag in /etc/fstab. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c6 Willem Meens <regnovell@diwi.nl> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |regnovell@diwi.nl --- Comment #6 from Willem Meens <regnovell@diwi.nl> 2007-09-27 01:08:32 MST --- changing section '.. users,gid=users,umask=0002,nls=utf8,locale=ru_RU.UTF-8 0 0' to '... defaults 0 0' is a workaround fix. Not sure if this has other consequences -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c7 Daugirdas Racys <daugirdas@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |daugirdas@gmail.com OS/Version|Other |openSUSE 10.3 Version|Beta 2 |Final --- Comment #7 from Daugirdas Racys <daugirdas@gmail.com> 2007-10-06 18:17:17 MST --- Same problem here with 10.3 x64 final. I am a bit reluctant to use defaults, as that wouldn't allow user mount as well -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c8 --- Comment #8 from Alexander Tyutik <trofimich@gmail.com> 2007-10-08 02:41:49 MST --- I made new installation of 10.3 for AMD64 from KDE CD and now all works fine. But few days ago, when i had Beta 2 with updates, mounting worked unstable. Sometimes both disks were mounted after booting, sometimes only one, sometimes both were not mounted. I haven't found any regularity for this... Now i downloading 10.3 DVD and will try reinstall Suse again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c9 --- Comment #9 from Alexander Tyutik <trofimich@gmail.com> 2007-10-11 01:28:12 MST --- Against reinstalled OpenSuse 10.3 GM - same problem, but not always!!! As i wrote before, sometimes all disks mounted after booting, sometimes only one, sometimes no one. Seems suse decides mount or not mount depending of moon phase :-) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c10 --- Comment #10 from Thomas Fehr <fehr@novell.com> 2007-10-11 03:26:22 MST --- See comment #16 in bug #309074 for an explanation of a ntfs-3g developer under which circumstances mounting of ntfs-3g fails. I still think the driver should fall back to a readonly-mount (with log entry explaining the reason for this) for such cases, but I can also understand the motivation of the developers to avoid the risk of even displaying invalid/outdated data under linux. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c11 Francesco Cosoleto <francesco.cosoleto@libero.it> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |francesco.cosoleto@libero.it --- Comment #11 from Francesco Cosoleto <francesco.cosoleto@libero.it> 2007-10-14 11:56:41 MST --- I've installed OpenSuse 10.3 and my windows partitions wasn't mounted, no /windows/<letter> directories created, unlike OpenSuse 10.2. I have fixed this by Yast disk module, adding manually mount point data. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867#c12 John Jolly <jjolly@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jjolly@novell.com AssignedTo|bk@novell.com |jjolly@novell.com Status|NEW |ASSIGNED --- Comment #12 from John Jolly <jjolly@novell.com> 2007-11-05 09:50:47 MST --- Perhaps both are possible. The default behavior should be to fail the mount if the filesystem is inconsistent. A mount option should be provided to enable the fallback-to-readonly when the filesystem is inconsistent. I'll take it from here. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 John Jolly <jjolly@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jjolly@novell.com |bk@novell.com Status|ASSIGNED |NEW -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 Cyril Hrubis <chrubis@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |aosthof@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 JP Rosevear <jpr@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |433187 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 Szabolcs Szakacsits <szaka@ntfs-3g.org> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-gnome@forge.provo.novell.com |szaka@ntfs-3g.org Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User vuntz@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c15 Vincent Untz <vuntz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vuntz@novell.com Status|ASSIGNED |NEEDINFO Info Provider| |security-team@suse.de --- Comment #15 from Vincent Untz <vuntz@novell.com> 2008-11-04 05:44:16 MST --- (In reply to comment #5 from Thomas Fehr)
Bernd this seems to be a problem of xtfs-3g not honoring the "users" flag in /etc/fstab.
ntfs-3g needs to be setuid root for the users flag to be honoured. Security team? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c16 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|security-team@suse.de | --- Comment #16 from Ludwig Nussel <lnussel@novell.com> 2008-11-04 07:29:06 MST --- Not setting the setuid bit on that tool saved us from grave security problems in the past already (CVE-2007-5159). We will not set a setuid bit by default. Set the bit locally yourself if you are aware of the risks or mount the paritions via hal instead. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User vuntz@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c17 Vincent Untz <vuntz@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|433187 | AssignedTo|szaka@ntfs-3g.org |bnc-team-screening@forge.provo.novell.com Status|ASSIGNED |NEW Component|GNOME |YaST2 Product|openSUSE 10.3 |openSUSE 11.1 QAContact|qa@suse.de |jsrain@novell.com Summary|Windows NTFS disks not mounted |Do not use "users" option for ntfs mounts Version|Final |Factory --- Comment #17 from Vincent Untz <vuntz@novell.com> 2008-11-04 08:01:52 MST --- Moving to YaST: if we don't want to have a setuid ntfs-3g, then YaST shouldn't set the users option in fstab for ntfs mounts. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User szaka@ntfs-3g.org added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c18 --- Comment #18 from Szabolcs Szakacsits <szaka@ntfs-3g.org> 2008-11-04 08:08:34 MST --- CVE-2007-5159 is a misunderstanding and obsolete for over 8 months, since the release of NTFS-3G 1.2216: http://ntfs-3g.org/releases.html NTFS-3G's security was reviewed and reworked 9 months ago. Using the built-in fuse-lite must be secure. No known risks are involved. Using external FUSE is unknown. More details are available from the 5th paragraphs at: http://article.gmane.org/gmane.comp.file-systems.ntfs-3g.devel/418 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User aj@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c19 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |security-team@suse.de --- Comment #19 from Andreas Jaeger <aj@novell.com> 2008-11-07 01:29:13 MST --- Security Team, please reevaluate. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User aj@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c20 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |1kfmm4x02@sneakemail.com --- Comment #20 from Andreas Jaeger <aj@novell.com> 2008-11-07 02:13:56 MST --- *** Bug 440834 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=440834 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c21 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@novell.com AssignedTo|security-team@suse.de |aschnell@novell.com --- Comment #21 from Ludwig Nussel <lnussel@novell.com> 2008-11-07 02:44:01 MST --- Well, an audit doesn't magically happen over night. ntfs-3g was on the radar previously and said security problems were discovered. We didn't receive a new audit request after the security model was changed. However IMO the setuid bit isn't needed anyways. HAL is able to mount fixed disks just fine in the meanwhile so no need for /etc/fstab entries anymore. Therefore my recommendation would be to only create fstab entries for partitions that are required by the system itself (/, /usr, swap etc) but not for partitions of other operating systems => yast's job to not create those /windows/* mounts I guess. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 Arvin Schnell <aschnell@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Priority|P5 - None |P3 - Medium Target Milestone|--- |Future/Later -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User szaka@ntfs-3g.org added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c22 --- Comment #22 from Szabolcs Szakacsits <szaka@ntfs-3g.org> 2008-11-07 07:53:47 MST --- This is the very short story of the ntfs-3g security problems from over one year ago. All and even more were fixed in January and February of 2008. I can provide real person names offline if requested. A Fedora user noticed that if ntfs-3g and everything else is configured the documented way for unprivileged mounts to mount NTFS volumes then users can indeed mount unprivileged any NTFS volume. This was the intended behavior by design for those who needed this feature by explicit configuration (not default) but the user believed it is a security problem. A security advisory was issued by Fedora what other distributions followed without checking out the technical details. A Red Hat employee from their security team later confirmed me in private that the security analyses was incorrect what he approved. During the same time Ludwig Nussel from SUSE has found an unrelated, real local root exploit (much higher severity). This was never disclosed to the public but the incorrect security advisory is used today as a proxy. The CVE is still not analysed/confirmed. The solution would have been not trivial and involved the cooperation of several teams. Since the beginning of this year ntfs-3g has no dependency on FUSE user space and we was able to fully audit and fix all discovered security issues in ntfs-3g. Please note, the above doesn't mean setuid-root use would be encouraged by NTFS-3G. Actually just the opposite. But it's there for those who want to run (not only mount) ntfs-3g unprivileged. The user/user fstab option issue could be fixed if mount(8) called the mount.ntfs-3g mount helper privileged. Otherwise setuid-root ntfs-3g is required. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User lnussel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c23 --- Comment #23 from Ludwig Nussel <lnussel@novell.com> 2008-11-07 08:16:10 MST --- (In reply to comment #22 from Szabolcs Szakacsits)
A Fedora user noticed that if ntfs-3g and everything else is configured the documented way for unprivileged mounts to mount NTFS volumes then users can indeed mount unprivileged any NTFS volume. This was the intended behavior by design for those who needed this feature by explicit configuration (not default) but the user believed it is a security problem. [...] During the same time Ludwig Nussel from SUSE has found an unrelated, real local root exploit (much higher severity). This was never disclosed to the public but the incorrect security advisory is used today as a proxy. The CVE is still not analysed/confirmed.
You are right. I've dug up the discussions in the mail archive. Indeed CVE-2007-5376 has been assigned to problem I discovered and the plan was to reject CVE-2007-5159. This never actually happened though. Feel free to tell mitre (cve@mitre.org) to correct their descriptions.
Please note, the above doesn't mean setuid-root use would be encouraged by NTFS-3G. Actually just the opposite.
Good to hear :-)
The user/user fstab option issue could be fixed if mount(8) called the mount.ntfs-3g mount helper privileged. Otherwise setuid-root ntfs-3g is required.
Yeah, other mount helpers would benefit from that too. One can't just change the semantics for current helpers though so one would need a directory where helpers with new sematics can be installed. Upstream is not opposed to this idea IIRC. There just is noone pushing an actual implementation. There are also efforts from the kernel side to allow pure user mounts without privileges. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User szaka@ntfs-3g.org added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c24 --- Comment #24 from Szabolcs Szakacsits <szaka@ntfs-3g.org> 2008-11-07 08:35:34 MST --- (In reply to comment #23 from Ludwig Nussel)
Yeah, other mount helpers would benefit from that too. One can't just change the semantics for current helpers though so one would need a directory where helpers with new sematics can be installed. Upstream is not opposed to this idea IIRC. There just is noone pushing an actual implementation.
Last year I suggested a different mount helper name convention, e.g. /sbin/mount_<FS> (which is not really ok because it interferes with other OSes which do use '_' as [u]mount the '.'). I'm afraid a new directory would complicate things. Perhaps something like /sbin/root_mount.<FS>, /sbin/rmount.<FS>, /sbin/privileged_mount.<FS>, /sbin/prvmount.<FS>, ....?
There are also efforts from the kernel side to allow pure user mounts without privileges.
Afaik, Miklos is ready with it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=308867 User aschnell@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=308867#c25 Arvin Schnell <aschnell@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FEATURE --- Comment #25 from Arvin Schnell <aschnell@novell.com> 2008-11-19 03:15:51 MST --- Changing YaST behaviour requires a fate entry. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com