On Wed, Aug 07, 2024 at 03:25:04PM +0200, Helmut Grohne wrote:
> I am less sure what to do about the case of ntfs-3g. Its own permission
> depend on whether a statoverride for /bin/fusermount (owned by fuse)
> exist. However, ntfs-3g depends on fuse3 and if one were to add a
> statoverride for fuse3, it would apply to /bin/fusermount3 as
> /bin/fusermount only is a link there. As such, the statoverride check
> looks broken to me.
>
> So one option is to discard it. At that point doing chmod in postinst no
> longer makes sense. That chmod should happen at build time and apply to
> data.tar.
I would propose to do what you described here instead. Debdiff
attached.
Chris
diff -Nru ntfs-3g-2022.10.3/debian/changelog ntfs-3g-2022.10.3/debian/changelog
--- ntfs-3g-2022.10.3/debian/changelog 2024-06-16 07:12:14.000000000 +0200
+++ ntfs-3g-2022.10.3/debian/changelog 2024-08-09 11:40:03.000000000 +0200
@@ -1,3 +1,15 @@
+ntfs-3g (1:2022.10.3-3.1) UNRELEASED; urgency=medium
+
+ * Non-maintainer upload.
+ * Drop ntfs-3g.postinst, which previously checked a statoverride for another
+ package. In the best case it was prone to not working because of timing
+ conditions, and in the worst case it did nothing.
+ Instead, install ntfs-3g mode 4755 in data.tar.
+ (Closes: #1060229)
+ * Drop effectively empty ntfs-3g.postrm.
+
+ -- Chris Hofstaedtler <z...@debian.org> Fri, 09 Aug 2024 11:40:03 +0200
+
ntfs-3g (1:2022.10.3-3) unstable; urgency=medium
* Fix use-after-free in 'ntfs_uppercase_mbs' (CVE-2023-52890)
diff -Nru ntfs-3g-2022.10.3/debian/ntfs-3g.lintian-overrides
ntfs-3g-2022.10.3/debian/ntfs-3g.lintian-overrides
--- ntfs-3g-2022.10.3/debian/ntfs-3g.lintian-overrides 1970-01-01
01:00:00.000000000 +0100
+++ ntfs-3g-2022.10.3/debian/ntfs-3g.lintian-overrides 2024-08-09
11:40:03.000000000 +0200
@@ -0,0 +1 @@
+ntfs-3g: elevated-privileges 4755 root/root [usr/bin/ntfs-3g]
diff -Nru ntfs-3g-2022.10.3/debian/ntfs-3g.postinst
ntfs-3g-2022.10.3/debian/ntfs-3g.postinst
--- ntfs-3g-2022.10.3/debian/ntfs-3g.postinst 2020-06-12 10:44:39.000000000
+0200
+++ ntfs-3g-2022.10.3/debian/ntfs-3g.postinst 1970-01-01 01:00:00.000000000
+0100
@@ -1,30 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "${1}" in
- configure)
- if ! dpkg-statoverride --list /bin/fusermount > /dev/null 2>&1
- then
- chmod 4755 /bin/ntfs-3g
- fi
-
-# if [ -x /usr/sbin/update-initramfs ]
-# then
-# update-initramfs -u
-# fi
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`${1}'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff -Nru ntfs-3g-2022.10.3/debian/ntfs-3g.postrm
ntfs-3g-2022.10.3/debian/ntfs-3g.postrm
--- ntfs-3g-2022.10.3/debian/ntfs-3g.postrm 2015-09-01 20:11:38.000000000
+0200
+++ ntfs-3g-2022.10.3/debian/ntfs-3g.postrm 1970-01-01 01:00:00.000000000
+0100
@@ -1,25 +0,0 @@
-#!/bin/sh
-
-set -e
-
-case "${1}" in
- remove)
-# if [ -x /usr/sbin/update-initramfs ]
-# then
-# update-initramfs -u
-# fi
- ;;
-
- purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-
- ;;
-
- *)
- echo "postrm called with unknown argument \`${1}'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
diff -Nru ntfs-3g-2022.10.3/debian/rules ntfs-3g-2022.10.3/debian/rules
--- ntfs-3g-2022.10.3/debian/rules 2024-03-26 17:32:13.000000000 +0100
+++ ntfs-3g-2022.10.3/debian/rules 2024-08-09 11:40:03.000000000 +0200
@@ -98,6 +98,9 @@
dh_link --remaining-packages
+execute_before_dh_installdeb:
+ chmod 4755 debian/ntfs-3g/usr/bin/ntfs-3g
+
override_dh_makeshlibs:
dh_makeshlibs --add-udeb=ntfs-3g-udeb -Vlibntfs-3g$(SONAME)t64
