On Wed 09 Nov 2016 at 12:01:10 +0100, to...@tuxteam.de wrote:
> On Wed, Nov 09, 2016 at 10:45:52AM +0000, Brian wrote:
>
> [...]
>
> > I hope cfdisk is an acceptable alternative to gparted, which is not on
> > my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> > Permission denied".
>
> We are talking past each other, I think.
>
> The above result is to be expected. I'm perfectly OK with that.
> You'd get that wih or without fakeroot (it doesn't convey powers
> to you you don't have. That feat would imply a gaping security
> hole in Linux. There are some, but the most obvious have been
> covered -- hopefully! long ago.
>
> The point Stefan (and me) are trying to make is that *the application
> has no business in checking user permissions*, and parted is doing
> exactly that ("am I root?"). It's something to be left to the OS
> (try to open the device and catch an EACCESS error; translate that
> for the user. That's what cfdisk above *is* doing, and I'm fine
> with that!
>
> *If* you happen to have read/write access to a device/file [1], then
> cfdisk would let you just go ahead (right behaviour), while gparted
> would stop you ("nyah nyah you aren' root" -- *wrong*).
>
> [1] Stefan and me have given examples where that would make sense.
#439409 was filed in 2007 and in the context of repartiting an external
device. In 2011 the question was asked:
> Are you sure that you can simply "cat </dev/random >/dev/sdg" on
> your GNU/Linux distribution?
To which the answer was:
> Huh? Of course, I"m sure.
If the question had been asked after April 2014 and the release of udev
204-9 the answer would (or should) have been "no". The command can be
tried on Jessie. "Permission denied" is the result. This makes it
impossible for a user to cat a Debian ISO to a USB stick. That's also
the subject of a bug report. But nothing to do with gparted.
Granted that gparted should not be checking user permissions and there
is a case for having it stop doing so. However, ceasing to check if the
user is UID 0 doesn't get him anywhere (with an external device) unless
he or gparted can sneak past udev. A disk image as a file is a different
matter.
--
Brian.
