On Mon, Feb 03, 2020 at 01:07:55PM -0500, Phillip Susi <ph...@thesusis.net>
wrote:
> > 3. Now *another user* on the same machine can access that file system,
> > which I unwittingly mounted and exposed.
>
> I get it, I just don't understand why you would have a filesystem around
> whose internal permissions were not already set up correctly but instead
> you relied on not mounting it to protect it.
It happens also for filesystems with correct permissions - maybe this is
the point you have problems with?
The effective permissions for a path depend on more than just the
permissions of the file it refers to. For example, a root-only readable
file can still be changed by normal users if the directory is writable for
them.
That means the whole access path needs to be taken into account, and
this is why the security issue is in gparted, because gparted changes
effective permissions in ways not expected by the user, by mounting it in
an insecure location.
Or in other wors, gparted can make files accessible that weren't
accessible before, without the user reasonably expecting this (as the user
expectation is that gparted doesn't widen effective permissions).
--
The choice of a Deliantra, the free code+content MORPG
-----==- _GNU_ http://www.deliantra.net
----==-- _ generation
---==---(_)__ __ ____ __ Marc Lehmann
--==---/ / _ \/ // /\ \/ / schm...@schmorp.de
-=====/_/_//_/\_,_/ /_/\_\
