Bug#272514: install: Partition table written to disk without user agreement
Package: install
Severity: critical
Tags: security d-i
Justification: causes serious data loss
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=ca_ES@euro, LC_CTYPE=ca_ES@euro
Bug in debian-installer which causes a partition table being edited to be written to
disk without warning nor asking the user.
This bug has been confirmed by two independent persons. To reproduce it, please do the
following:
1) Start a new Debian sarge installation using the "netinst" CDROM installer. I used the
"linux26" boot option.
2) Proceed until the disk partitioning stage. Notice that when entering the main
partitioning menu, the first option is selected (RAID stuff).
3) DELETE a partition. You must delete one, because the bug DON'T show up when you ADD
one.
4) Notice that, when returning to the main menu, the newly created partition IS NOT
selected, but instead the "RAID configuration" menu is.
5) Press ENTER over the RAID menu. Then the installer enters the RAID menu WITHOUT
warning the user the partition table should be saved to disk prior to do RAID
configuration. Moreover, THE PARTITION TABLE IS SAVED TO DISK without asking (there's
disk activity). If the "go back" button is pressed, the changes cannot be undone. The
partition is actually deleted.
6) If you ADD a partition, then when returning to the main menu the newly created
partition is selected (not the RAID menu), and if you go into the RAID menu, a warning
is displayed suggesting the user should save the partition table before proceeding.
I hope you can reproduce this severe bug with the information I provide.
Orestes Mas.
Reply to: