Hello:
I have Trinity R14.0.4 on openSUSE Leap 42.2. The desktop has a "My Computer" icon which is a shortcut to media:/. It opens a window that shows a lot of (all?) hard disk volumes/partitions.
The problem:
A normal user can mount any of these partitions. This is a SERIOUS security flaw. A normal user should not be able to mount internal disk partitions unless the partition is explicitly set so in /etc/fstab using the "user" or "users" options. This behavior can lead to unintentional disruption of RAID arrays and enable normal users to modify other users' files in other OSs on other partitions.
It is also very strange that a user running the mount command cannot mount those partitions while the desktop system makes it possible.
How can this behavior be changed so that normal users could not mount other partitions?
I would like to report this as a bug, how can I?
Thanks,
Istvan
Istvan Gabor wrote:
It is also very strange that a user running the mount command cannot mount those partitions while the desktop system makes it possible.
How can this behavior be changed so that normal users could not mount other partitions?
I would like to report this as a bug, how can I?
I just tried to unmount /boot and I got the following error:
Technical details: org.freedesktop.UDisks.Error.Failed: Error unmounting: umount exited with exit code 1: helper failed with: umount: /boot: umount failed: Operation not permitted
According to mount, nouser is within the default options, so if you, as a normal user, are able to unmount such a device, you should look into the groups or even the dbus settings (org.freedesktop.UDisks) to trace the problem on your system.
I don't think TDE is able to act as super user in any sense unless you have configured something on your system. So far I have not found such an option in TDE. Look deeper.
regards
On Wed, 11 Jan 2017 23:27:55 +0100, deloptes wrote:
Istvan Gabor wrote:
It is also very strange that a user running the mount command cannot mount those partitions while the desktop system makes it possible.
How can this behavior be changed so that normal users could not mount other partitions?
I would like to report this as a bug, how can I?
I just tried to unmount /boot and I got the following error:
Technical details: org.freedesktop.UDisks.Error.Failed: Error unmounting: umount exited with exit code 1: helper failed with: umount: /boot: umount failed: Operation not permitted
According to mount, nouser is within the default options, so if you, as a normal user, are able to unmount such a device, you should look into the groups or even the dbus settings (org.freedesktop.UDisks) to trace the problem on your system.
I don't think TDE is able to act as super user in any sense unless you have configured something on your system. So far I have not found such an option in TDE. Look deeper.
OK, I tried TDE in openSUSE 13.2. In 13.2 I cannot mount other volumes; TDE gives the error message:
Unable to mount this device. Potential reasons include: Improper device and/or user privilege level Corrupt data on storage device
Technical details: org.freedesktop.UDisks2.Error.NotAuthorizedCanObtain: Not authorized to perform operation
There is a difference between 13.2 and Leap 42.2.
What program does TDE use for mounting volumes? I would like to know where to search for the differences.
Thanks,
Istvan
On Wednesday 11 January 2017, Istvan Gabor wrote:
Hello:
I have Trinity R14.0.4 on openSUSE Leap 42.2. The desktop has a "My Computer" icon which is a shortcut to media:/. It opens a window that shows a lot of (all?) hard disk volumes/partitions.
The problem:
A normal user can mount any of these partitions. This is a SERIOUS security flaw. A normal user should not be able to mount internal disk partitions unless the partition is explicitly set so in /etc/fstab using the "user" or "users" options.
I'm on a Devuan jessie / TDE R14.0.4 system and I can only mount/unmount the partitions which are thus marked in /etc/fstab. I am not able to reproduce the incorrect behaviour of TDE that you reported.
Stefan
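The /etc/fstab rule discussed in this thread (a partition is mountable by a normal user only when its entry carries "user" or "users"), as an added example that is not part of any poster's message and is not TDE or UDisks code. It also counts the "owner" and "group" options from mount(8), assumes the last user-related option on a line decides, and uses a constructed sample fstab; it audits fstab only and says nothing about what UDisks authorizes over D-Bus.

```python
# Added example: list fstab entries that a non-root user may mount.
PERMIT = {"user", "users", "owner", "group"}  # options described in mount(8)

# Constructed sample, not taken from any poster's system.
SAMPLE_FSTAB = """\
# <device>      <dir>      <type> <options>           <dump> <pass>
UUID=aaaa-0001  /          ext4   defaults            0 1
UUID=aaaa-0002  /boot      ext4   defaults,nouser     0 2
/dev/sdb1       /mnt/usb   vfat   noauto,user,noexec  0 0
/dev/sda5       /mnt/win   ntfs   users,ro            0 0
/dev/sda6       /mnt/data  ext4   user,nouser         0 0
/dev/md0        /srv/raid
"""

def user_mount_option(options):
    """Return the option that lets non-root users mount, or None.

    Assumption: the last user-related option on the line decides,
    so "user,nouser" is root only and "nouser,user" is user-mountable.
    """
    decided = None
    for opt in options.split(","):
        name = opt.split("=", 1)[0].strip()
        if name in PERMIT:
            decided = name
        elif name == "nouser":
            decided = None
    return decided

def audit_fstab(text):
    """Yield (device, mountpoint, option-or-None) for each usable entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # no options field to judge; skipped by this sketch
        yield fields[0], fields[1], user_mount_option(fields[3])

def user_mountable(text):
    """Entries a normal user may mount according to fstab alone."""
    return [entry for entry in audit_fstab(text) if entry[2]]

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_FSTAB
    for dev, mnt, opt in audit_fstab(text):
        print(f"{mnt:<12} {dev:<16} {opt or 'root only'}")
```

Run with /etc/fstab as the argument to audit a real system; without an argument it prints the result for the constructed sample.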
Stefan Krusche composed on 2017-01-11 23:36 (UTC+0100):
Istvan Gabor composed:
I have Trinity R14.0.4 on openSUSE Leap 42.2.
...
I'm on a Devuan jessie / TDE R14.0.4 system and I can only mount/unmount the partitions which are thus marked in /etc/fstab. I am not able to reproduce the incorrect behaviour of TDE that you reported.
That you cannot reproduce in Devuan is no surprise to me. Are you not using it at least in part because of its minimal or absent dependence on systemd? openSUSE is completely mired in systemd, which includes IIRC mountd, which with integrated udev decides IIRC on its own if and when filesystems can or cannot be mounted, without necessity for any fstab entries, though it will consider those fstab entries that do exist.