Hi Phillip, On Thu, Dec 13, 2018 at 09:02:24AM -0500, Phillip Susi wrote: > On 12/12/2018 11:59 PM, Marc Lehmann wrote: > > As you say, there are several ways, some where the user can choose to > > make the files accessible and some where she can choose to not make them > > available. > > I'm not sure what you mean by this.
The scenario at play is the following: 1. I am a user with some level of administrative privileges, and run gparted. 2. I resize a partition (btrfs, in Marc's initial report), causing it to be mounted under /tmp, with a mountpoint that's chmod 0777. 3. Now *another user* on the same machine can access that file system, which I unwittingly mounted and exposed. I agree with Marc that the simplest way to negate the issue would be for gparted to make a private, temporary directory (chmod 0700) and put all its temporary files and mountpoints there, so they cannot be accidentally exposed to other users. Best, nicoo
signature.asc
Description: PGP signature
