11 Jan
2017
11 Jan
'17
10 p.m.
Hello:
I have Trinity R14.0.4 on openSUSE Leap 42.2.
The desktop has a "My Computer" icon which is a shortcut to media:/.
It opens a window that shows a lot of (all?) hard disk
volumes/partitions.
The problem:
Normal user can mount any of these partititions. This is a SERIOUS
security
flaw. Normal user should not be able to mount internal disk partitions
unless the partition is explicitely set so in /etc/fstab using "user"
or
"users" options. This behavior can lead to unintentional disruption
of raid arrays and enable normal users to modify other users' files in
other
OSs on other partitions.
It is also very strange that a user running mount command can not mount
those partitions while the desktop system makes it possible.
How can this behavior be changed so that normal could not mount other
partitions?
I would like to report this as a bug, how can I?
Thanks,
Istvan
11 Jan
11 Jan
10:27 p.m.
Istvan Gabor wrote:
It is also very strange that a user running mount
command can not mount
those partitions while the desktop system makes it possible.
How can this behavior be changed so that normal could not mount other
partitions?
I would like to report this as a bug, how can I?
I just tried to unmount /boot and I got following error
Technical details:
org.freedesktop.UDisks.Error.Failed: Error unmounting: umount exited with
exit code 1: helper failed with: umount: /boot: umount failed: Operation
not permitted
According mount nouser is within default options, so if you, as normal user,
are able to unmount such a device, you should look into the groups or even
dbus settings (org.freedesktop.UDisks) to trace the problem on your system.
I don't think TDE is able to act as super user in any sense unless you have
configured something on your system. So far I have not found such an option
in TDE. Look deeper.
regards
14 Jan
14 Jan
12:23 p.m.
New subject: [trinity-users] Re: serious mount problem
On Wed, 11 Jan 2017 23:27:55 +0100, deloptes wrote:
Istvan Gabor wrote:
OK, I tried TDE in openSUSE 13.2. In 13.2 I can not mount other
volumes,
TDE gives error message:
Unable to mount this device.
Potential reasons include:
Improper device and/or user privilege level
Corrupt data on storage device
Technical details:
org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to
perform operation
There is a difference between 13.2 and Leap 42.2.
What program does TDE use for mounting volumes? I would like to know
where to
search for the differences.
Thanks,
Istvan
It is also very strange that a user running mount
command can not
mount
those partitions while the desktop system makes it possible.
How can this behavior be changed so that normal could not mount
other
partitions?
I would like to report this as a bug, how can I?
I just tried to unmount /boot and I got following error
Technical details:
org.freedesktop.UDisks.Error.Failed: Error unmounting: umount exited
with
exit code 1: helper failed with: umount: /boot: umount failed:
Operation
not permitted
According mount nouser is within default options, so if you, as
normal user,
are able to unmount such a device, you should look into the groups or
even
dbus settings (org.freedesktop.UDisks) to trace the problem on your
system.
I don't think TDE is able to act as super user in any sense unless
you have
configured something on your system. So far I have not found such an
option
in TDE. Look deeper. 
11 Jan
11 Jan
10:36 p.m.
New subject: [trinity-users] serious mount problem
Am Mittwoch 11 Januar 2017 schrieb Istvan Gabor:
Hello:
I have Trinity R14.0.4 on openSUSE Leap 42.2.
The desktop has a "My Computer" icon which is a shortcut to media:/.
It opens a window that shows a lot of (all?) hard disk
volumes/partitions.
The problem:
Normal user can mount any of these partititions. This is a SERIOUS
security
flaw. Normal user should not be able to mount internal disk partitions
unless the partition is explicitely set so in /etc/fstab using "user"
or
"users" options.
I'm on a Devuan jessie / TDE R14.0.4 system and I only can mount/unmount the
partitions which are thus marked in /etc/fstab. I am not able to reproduce the
incorrect behaviour of TDE that you reported.
Stefan
11:17 p.m.
New subject: [trinity-users] serious mount problem
Stefan Krusche composed on 2017-01-11 23:36 (UTC+0100):
Istvan Gabor composed:
> I have Trinity R14.0.4 on openSUSE Leap 42.2.
...
I'm on a Devuan jessie / TDE R14.0.4 system and I
only can mount/unmount the
partitions which are thus marked in /etc/fstab. I am not able to reproduce the
incorrect behaviour of TDE that you reported.
That you cannot reproduce in Devuan is no surprise to me. Are you not using it
at least in part because of its minimal or absent dependence on systemd?
openSUSE is completely mired in systemd, which includes IIRC mountd, which with
integrated udev decides IIRC on its own if and when filesystems can or cannot be
mounted, without necessity for any fstab entries, though it will consider those
fstab entries that do exist.
--
"The wise are known for their understanding, and pleasant
words are persuasive." Proverbs 16:21 (New Living Translation)
Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!
Felix Miata *** http://fm.no-ip.com/
3000
days inactive
3003
days old
5 comments
4 participants
participants (4)
-
deloptes -
Felix Miata -
Istvan Gabor -
Stefan Krusche