On Fri, Feb 14, 2020 at 02:52:59PM -0500, Phillip Susi <ph...@thesusis.net> 
wrote:
> > You keep making this false claim, but that doesn't lend it more
> > credence.  POSIX permissions work the way they work, and if you think some
> > combination of permissions are wrong, what are the rules to determine
> > right and wrong and what is your source for this repeated statement?
> 
> Simple... right doesn't allow access to the people you don't want to
> have it.  Wrong permissions do allow access to those you don't intend to
> have it.  Working around that by other means ( to deny access to the
> entire filesystem ) does not change the fact that the permissions on the
> file are not configured correctly to carry out your intent.

No, it just means gparted has a security bug, because the permissions
did work as the user intended before gparted changed them without the
user's knowledge, and they would have worked if gparted wasn't insecurely
exposing the files.

gparted *changed* the effective permissions of files by mounting the fs in
an insecure location.

The reason why your logic doesn't work is that you claim *every* debian
root fs has the wrong permissions, because some directories might be
world-writable (such as /tmp) which might not be what the user intended
by not having the fs mounted in an insecure location (and thus allowing a
DoS attack). It would also mean filesystems such as fat, without intrinsic
permissions, would somehow have "wrong" permissions.

I really don't understand why it is so difficult to simply accept that
gparted has a security bug. It happens. It should be fixed. It's not the
most dangerous security bug, after all...

Fact is, gparted exposes files because it changes effective permissions.
Whether you call these permissions right or wrong, green or blue, ethical
or satanistic doesn't have any influence on this fact - all these
classifications are your own personal opinions and don't have any merit in
objectively analyzing this bug.

> > Ah, maybe I see where you are coming from - gparted changes effective
> > permissions, so they are wrong.
> 
> No, I didn't say anything about gparted.

Well, then you missed the topic - this bug report is about discussing a
specific gparted security bug, if you want to discuss something else, you
can try to engage me somewhere else or privately.

> When gparted mounts it somewhere that isn't traverse proof, yes, that
> does allow access where it was not previously, but that's really only
> exposing the underlying bug that was always there: that the permissions
> on the files are too loose.

Well, I have asked you for the source of this claim, but you haven't given
one - and I claim you just made it up, because I can't believe you have a
source.

If you could point out where, in the SuS, it says which permissions are wrong
and which are right, then you might have something to discuss.

But SuS only documents how permissions work, how they effectively apply,
and according to the cold hard facts, gparted exposes files that weren't
exposed before. It's that simple.

Anyways, I am out of here, have a good one!

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schm...@schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
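
The mechanism under discussion in this message, as an added example that is not part of the original thread and is not gparted code: whether "other" users can read a file depends on search permission on every directory above it as well as on the file's own mode bits. The function name other_can_reach, its top parameter and the directory names are assumptions made for illustration; only classic mode bits are evaluated.

```python
import os
import shutil
import stat
import tempfile

def other_can_reach(path, top="/"):
    """True if a user who is neither owner nor group member could read `path`.
    Only mode bits are checked (ACLs, MAC policy, mount options are ignored),
    and only for directories strictly below `top`."""
    path, top = os.path.realpath(path), os.path.realpath(top)
    if os.path.commonpath([path, top]) != top:
        raise ValueError("path is not below top")
    rel = os.path.relpath(os.path.dirname(path), top)
    current = top
    # Every directory on the way down needs o+x (search permission).
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False
    # Only when the whole chain is traversable do the file's own bits matter.
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def demo():
    """Same tree, same file mode, two different parents (constructed sample)."""
    base = tempfile.mkdtemp()
    results = {}
    try:
        for name, mode in (("private_parent", 0o700), ("open_mountpoint", 0o755)):
            parent = os.path.join(base, name)
            fsroot = os.path.join(parent, "fs")
            os.makedirs(fsroot)
            os.chmod(fsroot, 0o755)
            target = os.path.join(fsroot, "notes.txt")
            with open(target, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(target, 0o644)   # identical file mode in both cases
            os.chmod(parent, mode)    # only the parent directory differs
            results[name] = other_can_reach(target, top=base)
    finally:
        shutil.rmtree(base)
    return results

if __name__ == "__main__":
    print(demo())
```

Pointing other_can_reach at a path under a temporary mount point, with top left at "/", shows whether the location where a filesystem is mounted leaves its contents reachable by other local users.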
