[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#272514: install: Partition table written to disk without user agreement



Package: install
Severity: critical
Tags: security d-i
Justification: causes serious data loss



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=ca_ES@euro, LC_CTYPE=ca_ES@euro

Bug in debian-installer which causes a partition table being edited to be written to 
disk without warning nor asking the user.

This bug has been confirmed by two independent persons. To reproduce it, please do the 
following:

1) Start a new Debian sarge installation using the "netinst" CDROM installer. I used the 
"linux26" boot option.

2) Proceed until the disk partitioning stage. Notice that when entering the main 
partitioning menu, the first option is selected (RAID stuff).

3) DELETE a partition. You must delete one, because the bug DON'T show up when you ADD 
one.

4) Notice that, when returning to the main menu, the newly created partition IS NOT 
selected, but instead the "RAID configuration" menu is.

5) Press ENTER over the RAID menu. Then the installer enters the RAID menu WITHOUT 
warning the user the partition table should be saved to disk prior to do RAID 
configuration. Moreover, THE PARTITION TABLE IS SAVED TO DISK without asking (there's 
disk activity). If the "go back" button is pressed, the changes cannot be undone. The 
partition is actually deleted.

6) If you ADD a partition, then when returning to the main menu the newly created 
partition is selected (not the RAID menu), and if you go into the RAID menu, a warning 
is displayed suggesting the user should save the partition table before proceeding.

I hope you can reproduce this severe bug with the information I provide.

Orestes Mas.





Reply to: