On Fri, Feb 14, 2020 at 10:11:13AM -0500, Phillip Susi <ph...@thesusis.net> 
wrote:
> > doesn't matter how exactly I change a file, as long as I can change it
> > when I shouldn't be, it is a security bug.
> 
> True, you can delete the file and replace it, but then it is now owned
> by you instead of the original owner.  It's a fair argument that it
> amounts mostly to the same thing.

Maybe it helps when you realise that chown can also modify a file...

> > No, there are other possibilities, but that is one way, yes.
> 
> Other possibilities like what?

You yourself mentioned some - in any case, does this lead somewhere?

> >> looser permissions, and that amounts to the same thing as just not
> >> keeping it mounted most of the time.
> >
> > No, these are very different things.
> 
> How so?

If you can't see how not mounting a filesystem and having it accessible
by various means are very different, I am afraid I don't see how I can
explain it to you.

> In both cases the permissions on the file itself are wrong,

You keep making this false claim, but that doesn't lend it more
credence.  POSIX permissions work the way they work, and if you think some
combination of permissions is wrong, what are the rules to determine
right and wrong and what is your source for this repeated statement?

It seems to me your claim of "wrongness" is a value statement only - do you
have any objective arguments, too?

> > Your question is loaded, because it presumes that the correct permissions
> > are somehow incorrect (a contradiction that any answer would have to
> > accept, which makes it impossible to answer your question). That is
> 
> The permissions allow access that you do not wish it to.  Ipso facto,
> the permissions are incorrect.

Ah, maybe I see where you are coming from - gparted changes effective
permissions, so they are wrong.

Well, congratulations, that's exactly why this is a security bug in
gparted - the user doesn't wish file access and configures the permissions
accordingly, but gparted circumvents this user configuration, and this is
unexpected, and incorrect behaviour.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schm...@schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
