Well, I had expected GParted, once invoked as root, to carry out partitioning
tasks and NOTHING else.

The live session could run from a DVD or from RAM, for example.

Writing arbitrary data to / is my concern.

I have granted unprivileged users access to GParted to carry out device
partitioning for NEWLY attached devices ... NOT BEING ABLE TO TOUCH THE
BOOT DEVICE!

Anyway it was quite shocking to see that GParted will write a summary
wherever I want to and invokes the file manager as root and 2 steps later
drops to a root terminal!

I will trash the summary and help menu and compile GParted to suit my
needs.

I just thought the community should be made aware of these ADDITIONAL
unexpected features of GParted.

At least a warning should be present in the polkit rule, e.g. run GParted as
root, which can overwrite any file in /.


Kind regards
Otto


On Tue, 23 Aug 2022, 17:50 Curtis Gedak, <1986...@bugs.launchpad.net>
wrote:

> A disk partitioning and formatting tool, such as GParted, requires root
> privilege to be able to create new partition tables, format disks and
> partitions, update the Linux kernel with the changes, etc.  By its very
> nature GParted can completely overwrite everything on a disk device.
>
> With this in mind, why is the ability to overwrite a file considered a
> security concern when GParted could be used to change the entire
> contents of the disk device?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1986913
>
> Title:
>   privilege escallation
>
> Status in gparted package in Ubuntu:
>   Invalid
>
> Bug description:
>   Hi :-)
>
>   I have (maybe) found a privilege escalation in gparted (GParted 1.3.1)
>
>   A user with unprivileged rights was granted with standard polkit rules
> access to gparted.
>   Once the user correctly authenticates the gparted gui loads, and the
> user can partition any attached device (that is ok!)
>
>   BUT once done, the user is presented with the summary AND there one has
> the option to
>   ----> SAVE DETAILS <---- (gparted-2-issue.png)
>
>   That is a BIG problem!
>   One can overwrite virtually any file on the system (being root) with the
> gparted output!
>
>   Could you advise me on this matter?
>
>   Thank you very much!
>   Kind regards
>   Otto
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/gparted/+bug/1986913/+subscriptions

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1986913


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs