New objects should inherit limited access rights from above instead insecurely being world accessible

Bug #1249674 reported by UlfZibis on 2013-11-09
260
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ntfs-3g (Ubuntu)
Undecided
Unassigned

Bug Description

1) Ubuntu 12.04 LTS
2) 1:2012.1.15AR.1-1ubuntu1.2
4) When a new file/folder is created under Linux, it automatically has full access rights under Windows.
3) If the file is e.g. under \Users\user\documents\... it should better inherit access rights from there, instead of being fully accessible to all Windows users.

Seth Arnold (seth-arnold) wrote :

Thanks for the report; this looks to be an intentional design decision of ntfs-3g; some options are available, but they require an administrator to consider the choices available: http://www.tuxera.com/community/ntfs-3g-manual/

Thanks

information type: Private Security → Public Security
Changed in ntfs-3g (Ubuntu):
status: New → Invalid
UlfZibis (ulf-zibis) wrote :
Changed in ntfs-3g (Ubuntu):
status: Invalid → New
Jean-Pierre (jean-pierre-andre) wrote :

1) Making Windows-type permission inheritance by default would change the default behavior. Even if this would be a good thing, it will cause users to be disoriented.
2) Currently Windows-type inheritance is available as an option, provided user-mapping is defined. This restriction will be lifted in the future, but with no user mapping, the same exact result as Windows cannot be achieved, though it may provide significant improvement for users more wary on Windows protections than on Linux ones.

UlfZibis (ulf-zibis) wrote :

1) Windows _and_ Linux have protected "home" paths for private user data, so user A has no access to data in user B's "home" path.
I think, users will be _disoriented by current default behaviour_ of ntfs-3g - if ever noticed - at least I was, when I discovered that above rule does not anymore hold after adding new data to a Windows "home" path from Linux side.
Assume, one adds a folder "Projects" to /media/Windows/Users/A/ and then some data and later user B logs in on Windows.
Folder C:\Users\A\ is correctly is not accessible for user B but C:\Users\A\Projects\ is.
I believe, people regularly do not discover this, but if, I'm sure, they will be truly "disoriented".

Can you share a scenario, where a user could be disoriented, when a Linux created file object no more has Windows full access for anybody - even for Guest - but is only restricted to the permissions of it's parent folder, from which itself inherits it's permissions?

2) Current inherit behavior in combination with mandatory UserMapping actually has some traps, see:
http://tuxera.com/forum/viewtopic.php?f=3&t=30640&start=0&sid=421e2960a1766bcd9884ebce3183b235
http://tuxera.com/forum/viewtopic.php?f=3&t=30642&start=0&sid=5c992ba48debdecdcd6ebbe55da0bed5
With the there provided prototype patch for inheritance without UserMapping, new file objects in some Windows protected parent folder, created from Linux, have more or less the same permissions - by inheritance - as those, which were copied with Windows Explorer from an external permission-less source e.g. USB FAT volume. So I see no problem with:
- "the same exact result as Windows cannot be achieved"
- less worry on Linux protections - from Linux side there is no difference if mounted with inherit or not, in both cases all file objects have world access.

Changed in ntfs-3g (Ubuntu):
status: New → Confirmed
UlfZibis (ulf-zibis) on 2014-05-19
summary: - New objects should inherit access rights from above
+ New objects should inherit limited access rights from above instead
+ insecurely being world accessible
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers