[Bug 1089408] New: Automatic mounting of external exfat volume results in wrong permissions
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408 Bug ID: 1089408 Summary: Automatic mounting of external exfat volume results in wrong permissions Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: studio@anchev.net QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- STR: 1. Insert an SD card in a USB card reader 2. Open Dolphin and click the link to it 3. ls some files and folders on the card EXPECTED: The files and dirs inside the mount dir should be with proper permissions, e.g. 644. ACTUAL: All files and dirs show as 700: [~]: mount | grep sdf /dev/sdf1 on /run/media/<myusername>/EOS_DIGITAL type fuseblk (ro,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096,uhelper=udisks2) /dev/sdf1 on /var/run/media/<myusername>/EOS_DIGITAL type fuseblk (ro,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096) Also the date of the mount dir is 1.1.1970: [~]: dir /run/media/$USER total 256 drwx------ 1 <myusername> users 262144 Jan 1 1970 EOS_DIGITAL ADDITIONAL INFO: Manual mounting as root results in 777 permissions for all dirs and files. The procedure followed is: [~]: su - Password: # umount /dev/sdf1 # mount | grep sdf # mount /dev/sdf1 /mnt FUSE exfat 1.2.7 WARN: '/dev/sdf1' is write-protected, mounting read-only. # mount | grep sdf /dev/sdf1 on /mnt type fuseblk (ro,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096) # Previously I haven't seen such issue (since openSUSE 13.2 on this machine). I noticed it just recently. The last time I mounted this same card was in December 2017 and the permissions were fine. Link to related forum discussion where it has been suggested that this is a bug: https://forums.opensuse.org/showthread.php/530558-Setting-default-permission... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c1
George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c2
Stanislav Brabec
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c3
--- Comment #3 from George Anchev
Output of your mount command and udisks2 automatic mount are equal, but results are not.
That seems to have been the case on Leap 42.3 but as mentioned on 15.0 permissions are 777 when mounting as user. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c5
George Anchev
What is the actual problem you are seeing with this? As outlined in the patch, the mount below a dedicated user directory already controls access to the files on the removable medium. There should be no need to set the permission for each particular file/directory on the medium.
It is essentially wrong to have 777 permissions by default for anything, especially for external volumes. Example scenario to illustrate why: Someone gives you a memory card/USB stick with some JPG images. Can a JPG file be an actual harmful code just named as file.jpg? - Yes. Perhaps not on Windows (which relies on extensions) but on Linux it can (which relies on file permission settings). Copying such a file to $HOME will still keep it executable. Would a non-executable permission provide additional protection in this case? - Yes. So should a JPG file be executable? - No. Along these lines: by default files on external volumes must not be executable. The parent mount point dir does control access by other users but it does not protect from the explained case. Second example: Some SD cards have a hardware write-protection lock. Mounting such a card and seeing that everything is writable is obviously wrong. So to my mind: this has both security and usability implications. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c7
--- Comment #7 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c10
George Anchev
/dev/sdf1 /run/media/ exfat rw,nodev,nosuid,noatime,uid=1000,gid=100,iocharset=utf8,errors=remount-ro,dmask=0077,fmask=1177
or this:
/dev/sdf1 /run/media/ exfat rw,nodev,nosuid,noatime,user,iocharset=utf8,errors=remount-ro,dmask=0077,fmask=1177
and rebooting (without having the physically mounted volume) results in: ... Aug 29 10:49:08 pc systemd[1]: dev-sdf1.device: Job dev-sdf1.device/start timed out. Aug 29 10:49:08 pc systemd[1]: Timed out waiting for device dev-sdf1.device. Aug 29 10:49:08 pc systemd[1]: Dependency failed for /run/media. Aug 29 10:49:08 pc systemd[1]: Dependency failed for Local File Systems. Aug 29 10:49:08 pc systemd[1]: local-fs.target: Job local-fs.target/start failed with result 'dependency'. Aug 29 10:49:08 pc systemd[1]: local-fs.target: Triggering OnFailure= dependencies. Aug 29 10:49:08 pc systemd[1]: run-media.mount: Job run-media.mount/start failed with result 'dependency'. Aug 29 10:49:08 pc systemd[1]: dev-sdf1.device: Job dev-sdf1.device/start failed with result 'timeout'. Aug 29 10:49:08 pc systemd[1]: Starting Restore /run/initramfs on shutdown... Aug 29 10:49:08 pc systemd[1]: Reached target Sound Card. Aug 29 10:49:08 pc systemd[1]: Reached target Login Prompts. Aug 29 10:49:08 pc systemd[1]: Reached target Remote File Systems. Aug 29 10:49:08 pc systemd[1]: Reached target User and Group Name Lookups. Aug 29 10:49:08 pc systemd[1]: Reached target Host and Network Name Lookups. Aug 29 10:49:08 pc systemd[1]: Reached target Paths. Aug 29 10:49:08 pc systemd[1]: Reached target Network. Aug 29 10:49:08 pc systemd[1]: Reached target Timers. Aug 29 10:49:08 pc systemd[1]: Started Emergency Shell. Aug 29 10:49:08 pc systemd[1]: Reached target Emergency Mode. ... and I have to enter root password, comment out the line in /etc/fstab and reboot again so that I can login normally. So that approach seems to depend on the presence of the physical media which is a significant drawback. This:
udisksctl mount --block-device /dev/sdf1 --options dmask=0077,fmask=1177
works fine, giving the desired permission and ownership. But if I unmount/eject the volume, insert it again and click on it in Dolphin (which mounts it again) I still get 777 permissions. I suppose if there is a way to make these mounting parameters persistent that would be it.
Again, is this also shown when you do a user mount?
[~]: udisksctl mount --block-device /dev/sdf1 --options dmask=0077,fmask=1177 Mounted /dev/sdf1 at /run/media/<myusername>/EOS_DIGITAL. [~]: cat /proc/mounts | grep sdf1 /dev/sdf1 /run/media/<myusername>/EOS_DIGITAL fuseblk ro,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096 0 0 /dev/sdf1 /var/run/media/<myusername>/EOS_DIGITAL fuseblk ro,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other,blksize=4096 0 0 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c11
--- Comment #11 from George Anchev
works fine, giving the desired permission and ownership
That still doesn't take into account the hardware write lock of the memory card, i.e. the files an dirs still appear as writable (according to permission flags based on the options). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c13
--- Comment #13 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c14
Stanislav Brabec
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c15
--- Comment #15 from George Anchev
In my opinion, the default mask should be equal to the mask used by the user (or mounting process): 644 or 755.
In my case: [~]: grep umask ~/.bashrc umask 0077 I think this user choice should be respected rather than a generic 644 or 755.
Removal of executable flag is disputable. It is good for importing of photos, but makes impossible to start executables from VFAT.
And the question is: in what situation would one want to execute files from external VFAT? Would such desire justify to make everything executable by default? What overall consequences this may have and is it really worth to create insecurity by default for the sake of having a little convenience for the rare cases? An expert or at least a somewhat security minded person would never execute unverified file. A layman would do whatever is convenient, even not knowing what he is doing - that can be dangerous + it can affect other users on the system (even if they are security minded, especially in a post-Spectre/Meltdown world). If the system does not protect from such activity for the sake of a little convenience, we can as well run `sudo chmod 777 root:root /` (or go back to Windows and work as admin the whole time). That said: if the goal is the convenience to have executable flag by default, that should also be possible but it should be an "opt-in" configuration with explicit warning informing the user of the possible consequences. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c17
--- Comment #17 from George Anchev
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c19
--- Comment #19 from Stanislav Brabec
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408
http://bugzilla.opensuse.org/show_bug.cgi?id=1089408#c20
--- Comment #20 from George Anchev
If you want to use udisks, then don't add records to fstab.
What should one do then? How to specify desired settings without using fstab? -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com