
Re: parted is ALMOST suitable



On Wed 09 Nov 2016 at 12:01:10 +0100, tomas@tuxteam.de wrote:

> On Wed, Nov 09, 2016 at 10:45:52AM +0000, Brian wrote:
> 
> [...]
> 
> > I hope cfdisk is an acceptable alternative to gparted, which is not on
> > my system. 'fakeroot /sbin/cfdisk' gives "cfdisk: cannot open /dev/sda:
> > Permission denied".
> 
> We are talking past each other, I think.
> 
> The above result is to be expected. I'm perfectly OK with that.
> You'd get that with or without fakeroot (it doesn't convey powers
> to you you don't have). That feat would imply a gaping security
> hole in Linux. There are some, but the most obvious have been
> covered -- hopefully! long ago.
> 
> The point Stefan (and me) are trying to make is that *the application
> has no business in checking user permissions*, and parted is doing
> exactly that ("am I root?"). It's something to be left to the OS
> (try to open the device and catch an EACCES error; translate that
> for the user). That's what cfdisk above *is* doing, and I'm fine
> with that!
> 
> *If* you happen to have read/write access to a device/file [1], then
> cfdisk would let you just go ahead (right behaviour), while gparted
> would stop you ("nyah nyah you aren't root" -- *wrong*).
> 
> [1] Stefan and me have given examples where that would make sense.

#439409 was filed in 2007 and in the context of repartitioning an external
device. In 2011 the question was asked:

 > Are you sure that you can simply "cat </dev/random >/dev/sdg" on
 > your GNU/Linux distribution?

To which the answer was:

 > Huh?  Of course, I'm sure.

If the question had been asked after April 2014 and the release of udev
204-9 the answer would (or should) have been "no". The command can be
tried on Jessie. "Permission denied" is the result. This makes it
impossible for a user to cat a Debian ISO to a USB stick. That's also
the subject of a bug report. But nothing to do with gparted.

Granted that gparted should not be checking user permissions and there
is a case for having it stop doing so. However, ceasing to check if the
user is UID 0 doesn't get him anywhere (with an external device) unless
he or gparted can sneak past udev. A disk image as a file is a different
matter.

-- 
Brian.
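
An added example, not part of the original message or of parted, gparted or cfdisk: the two approaches discussed in this thread side by side, a UID check versus opening the target and translating the kernel's answer. The names `open_target_rw`, `classify_open_errno` and `uid_gate_allows` are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Outcome of asking the OS for read/write access to a device or image. */
enum access_result { ACCESS_OK, ACCESS_DENIED, ACCESS_MISSING, ACCESS_OTHER };

/* Translate the errno left by open() into something to tell the user. */
enum access_result classify_open_errno(int err)
{
    switch (err) {
    case 0:      return ACCESS_OK;
    case EACCES:
    case EPERM:  return ACCESS_DENIED;   /* file mode, group, ACL, udev rule */
    case ENOENT:
    case ENODEV:
    case ENXIO:  return ACCESS_MISSING;  /* no such node or no device behind it */
    default:     return ACCESS_OTHER;
    }
}

/* Let the kernel decide: returns an fd, or -1 with *result set and errno kept. */
int open_target_rw(const char *path, enum access_result *result)
{
    int fd = open(path, O_RDWR);
    *result = classify_open_errno(fd < 0 ? errno : 0);
    return fd;
}

/* The check the thread objects to: it only asks "am I root?" and ignores
 * whether this user can in fact open the target (e.g. a disk image file). */
int uid_gate_allows(void) { return geteuid() == 0; }

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s DEVICE-OR-IMAGE\n", argv[0]); return 2; }
    printf("uid gate says: %s\n", uid_gate_allows() ? "allow" : "refuse");
    enum access_result r;
    int fd = open_target_rw(argv[1], &r);
    if (fd < 0) {
        fprintf(stderr, "cannot open %s: %s\n", argv[1], strerror(errno));
        return r == ACCESS_DENIED ? 77 : 1;
    }
    printf("open() says: allow (%s opened read/write)\n", argv[1]);
    close(fd);
    return 0;
}
```

Run as an ordinary user against a disk image file you own, the UID gate refuses while `open()` succeeds; against a device node you lack access to, both refuse, and the error comes from the kernel.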

