*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: gparted Running Ubuntu Intrepid on an Acer Aspire One A110L. GParted recognizes the built-in hard disk (an 8GB SSD actually) under /dev/sda, and it does recognize a USB stick (e.g. at /dev/sdb), but it does not see the built- in card readers, even when the netbook is booted with both card readers holding a card. The card readers have the device names /dev/mmcblk0 and /dev/mmcblk1. Nautilus does see all devices, and all devices allow read from and write to. Strangely, when parted is called from a terminal as: "sudo parted -l" it lists all 4 existing devices correctly. When parted is called from the regular user as "parted -l" it does NOT list the SSD disk or the USB stick, but it DOES list both card readers! Parted also allows the non- root user to modify the partitions on those card readers! Something is wacky - parted should not allow non-root users to modify any partition, and GParted should recognize all devices and partitons (just as Nautilus does). Perhaps the strange naming of the devices and/or partitons is the cause of problems. The underlying cause may be related to the bug I reported for FDisk, see https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/294871 I believe when a regular user is allowed to modify partitions, this qualifies as a security vulnerability, therefore I marked that. ~$ uname -a Linux aa1 2.6.27-8-generic #1 SMP Thu Nov 6 17:33:54 UTC 2008 i686 GNU/Linux ** Affects: gparted (Ubuntu) Importance: Undecided Status: New ** This bug has been flagged as a security issue ** Description changed: Binary package hint: gparted Running Ubuntu Intrepid on an Acer Aspire One A110L. GParted recognizes the built-in hard disk (an 8GB SSD actually) under /dev/sda, and it does recognize a USB stick (e.g. at /dev/sdb), but it does not see the built- in card readers, even when the netbook is booted with both card readers holding a card. The card readers have the device names /dev/mmcblk0 and /dev/mmcblk1. Nautilus does see all devices, and all devices allow read from and write to. Strangely, when parted is called from a terminal as: "sudo parted -l" it lists all 4 existing devices correctly. When parted is called from the regular user as "parted -l" it does NOT list the SSD disk or the USB stick, but it DOES list both card readers! Parted also allows the non- root user to modify the partitions on those card readers! Something is wacky - parted should not allow non-root users to modify any partition, and GParted should recognize all devices and partitons (just as Nautilus does). Perhaps the strange naming of the devices and/or partitons is the cause of problems. The underlying cause may be related to the bug I reported for FDisk, see https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/294871 + I believe when a regular user is allowed to modify partitions, this + qualifies as a security vulnerability, therefore I marked that. + ~$ uname -a Linux aa1 2.6.27-8-generic #1 SMP Thu Nov 6 17:33:54 UTC 2008 i686 GNU/Linux -- [ubuntu intrepid] GParted does not detect devices and parted acts strange also https://bugs.launchpad.net/bugs/298037 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
