Creating a non privileged desktop user on my system currently running an
up-to-date Maverick installation does not yield this problem; the system
instead prompts for the password for the privileged user and will then,
if the proper credentials are input, will format the media. I do not
have Lucid installed to determine if this is the same way there at the
moment, but if memory serves, it absolutely is. Remove the user's
ability to automatically mount external media, and you will remove the
ability for them to format it as well.
Furthermore, this bug report lists no actual cause to be classified as a
security vulnerability. No vulnerability here is documented, nor is any
documentation of actual compromise provided. The bug report itself is
also argumentative.
To the bug reporter: If you can show a security vulnerability and
document a method of compromise that can affect a running system's
configuration, please feel free to open a bug with the appropriate
documentation. However, it seems to me that you're complaining that a
normally-privileged desktop user on a standard Ubuntu installation is
able to insert a USB mass storage device and then format it. That is
normal and to-be-expected behavior, as it is a necessarily often task
for many types of users. If the issue is that you need finer-grained
control over who can format what and when, I suggest that you check to
see if PolicyKit already has a means of setting policy for this, and if
not, filing a bug there to have a policy setting added. After that's
done, I am sure that upstream Nautilus will be happy to take a bug
report to support that PolicyKit setting.
** Changed in: nautilus (Ubuntu)
Status: New => Invalid
--
Non-admin users can format removable media
https://bugs.launchpad.net/bugs/595825
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
