More than four years since the last release, the release of the NTFS-3G 2021.8.22 package has been published, which includes a free driver that works in user space using the FUSE mechanism, and a set of ntfsprogs utilities for manipulating NTFS partitions. The project code is distributed under the GPLv2 license.
The driver supports reading and writing data on NTFS partitions and can run on a wide range of operating systems that support FUSE, including Linux, Android, macOS, FreeBSD, NetBSD, OpenBSD, Solaris, QNX, and Haiku. The implementation of the NTFS file system provided by the driver is fully compatible with Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008, Windows 7, Windows 8, and Windows 10 operating systems. The ntfsprogs set of utilities allows you to perform operations such as creating NTFS partitions , checking integrity, cloning, resizing and restoring deleted files. Common components for working with NTFS used in the driver and utilities are moved to a separate library.
The release is notable for fixing 21 vulnerabilities. The vulnerabilities are caused by buffer overflows in the processing of various metadata and allow organizing code execution when mounting a specially designed NTFS image (including an attack that can be carried out when an unverified external drive is connected). If an attacker has local access to a system on which the ntfs-3g executable is installed with the setuid root flag, the vulnerabilities can also be used to escalate their privileges.
Of the non-security-related changes, the codebases of the extended and stable editions of NTFS-3G are merged, with the transfer of project development to GitHub. The new release also includes backlog fixes and issues when compiling with older releases of libfuse. Separately, the developers analyzed the comments about the poor performance of NTFS-3G. The analysis showed that performance problems are usually associated with the delivery of obsolete versions of the project in distributions or the use of incorrect default settings (mounting without the βbig_writesβ option, without which the file transfer speed is reduced by 3-4 times). According to tests conducted by the development team, the performance of NTFS-3G lags behind ext4 by only 15-20%.
Source: opennet.ru