On Fri, 2010-06-18 at 07:14 +0000, David Clayton wrote:
> There is a major security flaw with this new functionality, why should
> non-admin users be permitted to format storage?

A normally privileged desktop user should be able to format media. Are you saying that there is no way to disable this functionality, or no way to say that users must be in a certain group to do so? I know that at least in my case, my standard user has membership in the "admin" group, and therefore ought to be able to format media.

Now, I just created an unprivileged desktop user and attempted to format both an internal HDD and a USB mass storage device, and in both events I was requested to authenticate as my privileged system user so that my request would be carried out. I think that might even be overkill; block devices that are already available when the user logs in are obviously to be protected. However, if I sit down at someone else's computer, and I put in a new USB drive that I just purchased, I *certainly* should be able to format it. That is, unless I am also not allowed to use external media on the system, but then it's a moot point, isn't it?

> Formatting using existing tools such as gparted require a sudo password,
> but now Linux bypasses this obvious security requirement for some
> nebulous user convenience, what is this OS becoming, Windows?

No, it's using PolicyKit to determine whether or not the user is privileged according to system policy. If you don't like the system policy, change it!

> Fine that users with Administration rights have this sort of
> functionality, but non-admin users should not have this capability
> either through Nautilus or the Disk Utility.
>
> I'm putting in a security bug now over this.

Where is the security bug? Authorization to perform the task must still be granted to the user, and you can easily create accounts that lack the privileges required to format both internal and external media. It sounds to me like you are filing a security bug without even attempting to understand the system and how it works, or having tested out the idea of using a nonprivileged user account to see if you can still format things.

My word, where did critical thinking and evaluation skills go? Have they disappeared altogether or something? I am really sick of seeing uninformed posts claiming faults in a system that isn't even understood by the people screaming that a fault exists. What a shame.

-- 
Should provide Right-Click->Format...
https://bugs.launchpad.net/bugs/58205