Red Hat Bugzilla – Bug 232031
[SECURITY]SELinux errors, using of system() call in src/ntfs-3g.c
Last modified: 2007-11-30 17:11:59 EST
In my message log I have found avc message, witch was coused by ntfs-3g.
After a look on the messages, I was wondering, that mount.ntfs want to start the
bash. In the code I found a test on the /sbin/modprobe exectuable. If this
exceubable exist, a system("modeprobe fuse") will done.
The usage of the system() call is a bad idea, becouse it is make possible to
manipulate the localion from where the modprobe will be execute. The usage of an
exec()-like call may be better.
Created attachment 149954 [details]
avc messages from /var/log/messages
Created attachment 149967 [details]
Patch for solve security weakness
I have added an untested patch which replace the system()-call ba the
This is fixed in 1.516-1 or later ntfs-3g packages.