USB mass storage devices are mounted with unsafe permissions

Bug #157094 reported by GreatBunzinni
Affects: hal (Ubuntu)
Status: Confirmed
Importance: Low
Assigned to: Unassigned

Bug Description

When a USB mass storage device (USB flash drive, USB external HD) is plugged in, the default file permissions of the files stored in those devices are (rwxr-xr-x), which apparently means that any file contained in a USB mass storage device may be executed in that system without a single problem. That doesn't sound very safe. Moreover, the "disk and filesystems" option from "System Settings" does not offer a single option to correct it.

It would be nice if the USB mass storage devices could be accessed without worrying about safety and system integrity.

Basilio Kublik (sourcercito) wrote :

Hi there,
Which filesystem do you use on your external media to test this issue? Which version of Ubuntu are you using?
About the executable property: vfat and ntfs probably won't ever support Unix permissions, so they always have the "x" permission. About the read and execute by the group and others: here I test with an iPod and a USB external HD, both USB, and they mount with permission "700" for the files and directories, not 755 like in your case.

Thanks in advance.

GreatBunzinni (greatbunzinni) wrote :

I'm running Kubuntu 7.10. My external HD has a single vfat partition and I assume that the flash drive is also vfat.

So in the case of those file systems which don't support Unix permissions, isn't there a way to configure the default file permissions attributed to them? After all, the executable permission has to be attributed somewhere. Moreover, they may not support the Unix file permissions, but that doesn't make the ability to run any external file as executable any less of a security problem.

GreatBunzinni (greatbunzinni) wrote :

I've just noticed that this file permission problem affects more than USB mass storage devices, as I've found out that even CD-ROMs are mounted with 777 permissions. Not good.

Savvas Radevic (medigeek) wrote :

Isn't there anything that can be done about this? Like a virtual change of permissions?

GreatBunzinni (greatbunzinni) wrote :

This issue keeps on getting stranger, now that I noticed that Ubuntu, through GNOME (which is known for its very restricted configurability), offers the ability to not only set up the removable drive permissions but also all mount options, all that through a GUI application.

So, what gives?

GreatBunzinni (greatbunzinni) wrote :

This bug is marked as incomplete. What else is needed to tackle this problem?

Jayson Rowe (jayson.rowe) wrote :

Since it's been a very long time since any additional info was added to this bug, I'm just checking to see if this is still an issue, and find out what additional work should be done on this bug.

GreatBunzinni (greatbunzinni) wrote :

It's still an issue. I've upgraded to Kubuntu 8.10 and the default file permissions are still (rwxr-xr-x).

Savvas Radevic (medigeek) wrote :

This bug/wishlist report will expire in 5 days - if you wish to see it implemented, mark its status as "New".

GreatBunzinni (greatbunzinni) wrote :

It's still there.

GreatBunzinni (greatbunzinni) wrote :

Status fixed. Thanks for the heads up, Savvas.

Kees Cook (kees) wrote :

Can this default be changed for FAT filesystems, or are we limited by the lack of execute bits there?

Changed in hal:
importance: Undecided → Low
status: New → Confirmed
GreatBunzinni (greatbunzinni) wrote :

I've just upgraded to Kubuntu 9.04 and this bug still persists. Isn't it possible to at least hard-code the default permissions on mounted mass storage devices?

Revision history for this message
Przemek K. (azrael) wrote :

This bug can be considered a duplicate of bug #14335, because there is a more established discussion about 2 implications of this issue (nautilus wanting to execute text files on ntfs/fat drives, unsafe permissions...).
Please head to that bug for further discussion and for a workaround (see one of my comments quoting a comment from another duplicate bug - bug 60722).
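
Added example, not part of the bug thread and not hal's code: an audit of `/proc/mounts`-style text that flags FAT-family mounts where the driver synthesizes execute bits (the rwxr-xr-x case reported above) and `noexec` is not set. It assumes the standard Linux vfat mount options `fmask`, `noexec` and `showexec`; the mount lines in `SAMPLE_MOUNTS` are constructed.

```python
# Added example: audit /proc/mounts-style text for FAT-family mounts
# whose synthesized file mode carries execute bits.
FAT_LIKE = {"vfat", "msdos", "exfat"}   # no Unix mode bits stored on disk

# Constructed sample input, not taken from the bug report.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /media/disk vfat rw,nosuid,nodev,uid=1000,gid=1000,fmask=0022,dmask=0022,utf8 0 0
/dev/sdc1 /media/usb1 vfat rw,nosuid,nodev,noexec,uid=1000,gid=1000,fmask=0022,dmask=0022 0 0
/dev/sdd1 /media/usb2 vfat rw,nosuid,nodev,uid=1000,gid=1000,fmask=0133,dmask=0022 0 0
/dev/sde1 /media/usb3 vfat rw,nosuid,nodev,uid=1000,fmask=0022,dmask=0022,showexec 0 0
"""

def parse_options(field):
    """Turn 'rw,fmask=0022,noexec' into {'rw': None, 'fmask': '0022', ...}."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value if value else None
    return opts

def file_mode(opts):
    """Mode the driver reports for regular files: 0777 with fmask cleared."""
    return 0o777 & ~int(opts.get("fmask") or "0", 8)

def audit_mounts(text):
    """Return (mountpoint, mode string, reason) for each risky FAT-like mount."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in FAT_LIKE:
            continue
        opts = parse_options(fields[3])
        mode = file_mode(opts)
        if "noexec" in opts:        # kernel refuses execve() from this mount
            continue
        if mode & 0o111 == 0:       # fmask already strips every x bit
            continue
        reason = ("showexec limits x to .EXE/.COM/.BAT names"
                  if "showexec" in opts else "every file is executable")
        findings.append((fields[1], format(mode, "04o"), reason))
    return findings

if __name__ == "__main__":
    for mountpoint, mode, reason in audit_mounts(SAMPLE_MOUNTS):
        print(f"{mountpoint}: files appear as {mode}, noexec missing ({reason})")
```

To audit a live system, pass the contents of `/proc/mounts` to `audit_mounts` instead of the sample text.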

This report contains Public Security information  
Everyone can see this security related information.
