Nicolas Braud-Santoni writes: > The scenario at play is the following: > > 1. I am a user with some level of administrative privileges, and run gparted. > 2. I resize a partition (btrfs, in Marc's initial report), > causing it to be mounted under /tmp, with a mountpoint that's chmod 0777. > 3. Now *another user* on the same machine can access that file system, > which I unwittingly mounted and exposed.
I get it, I just don't understand why you would have a filesystem around whose internal permissions were not already set up correctly but instead you relied on not mounting it to protect it. > I agree with Marc that the simplest way to negate the issue would be > for gparted to make a private, temporary directory (chmod 0700) and put > all its temporary files and mountpoints there, so they cannot be accidentally > exposed to other users. Yea, I suppose it's a simple enough change.