Browsing as root from disks manager

Created an attachment (id=4401)
Patch that fixes it

Fairly simple patch that uses su -c $SUDO_USER in appropriate places if this
variable is set.

There ya go seb, have fun :)

Carlos, what's your opinion on this one?

starting Nautilus with user privileges is a (huge) improvement from the security
point of view, but it's only part of the solution:

unless the mount options for Windows partitions are changed, the user won't see
anything for NTFS partitions and can only read FAT32 partitions; see also

http://bugzilla.ubuntu.com/show_bug.cgi?id=14582

In Dapper it is still browsing with root privileges.

Also, see this spec:

https://wiki.ubuntu.com/UsefulDisksManagerSpec

There's a lot of work that could be done on the Disks Manager.

Yes, please do something about this - my patch combined with sensible mount options (-o umask=xxxx) would improve the situation a lot.

Has this been filed upstream yet?

Just filed upstream:

http://bugzilla.gnome.org/show_bug.cgi?id=334430

Michael, do we need to run those tools with gksu? Running disks-admin without gksu asks for a password anyway and doesn't have that issue

Michael, did you read my comment about it?

I have tested Ubuntu 6.06 flight 6 and was quite dissapointed as nothing has changed

status quo: as a non-root user, I see icons for all windows partition on my desktop; however, clicking on a NTFS icon gives an error (no rights to see contents); clicking on a FAT icon gives only read access; file names with none-ASCII characters (such as äöü) are displayed wrong because of encoding problems (latin1/ANSI --> utf8)

to be able to write into FAT partitions or to read NTFS partitions I have to use the disk manager; it runs with root privileges; its 'Browse' button starts Nautilus with root privileges; and opening any document from within Nautilus starts the program (i.e. OpenOffice, Gimp etc.) also with root privileges

----

what needs to be done to make access to Windows partitions easier (at least from my point of view):

(1) change /etc/fstab during installation so everyone (or at least the first ubuntu user) may read NTFS partitions and everyone (or at least the first ubuntu user) may write FAT partitions; also add options for the correct characterset for FAT partitions

/dev/hda1 /media/hda1 vfat umask=0,utf8 0 0
/dev/hda2 /media/hda2 ntfs umask=0,utf8 0 0

or

/dev/hda1 /media/hda1 vfat uid=1000,gid=1000,utf8 0 0
/dev/hda2 /media/hda2 ntfs uid=1000,gid=1000,utf8 0 0

(2) reduce the disk manager to a pure administration tool and get rid of the 'Browse' button

---

a final note for Dapper+1: current versions of ntfsmount allow many NTFS *write* operations; Knoppix 5.0 shows how far this already goes; future versions of Ubuntu will also have to include this feature, which will makes the whole setup even more difficult

http://wiki.linux-ntfs.org/doku.php?id=ntfs-en#can_i_write_to_an_ntfs_volume

maybe we should simply stop shipping disks-admin, upstream doesn't build it by default and is rather bugged

As someone who's not terribly confident with using mount on the command line, disks-admin seems very useful to me.
Is there anything else that fills its role?

This upload fixes the issue:

 gnome-system-tools (2.14.0-0ubuntu6) dapper; urgency=low
 .
   * debian/patches/17_ntpdate.dpatch:
     - fix the ntpdate command to use "/etc/network/if-up.d/ntpdate",
       change pointed by Gary Coady <email address hidden> (Ubuntu: #37230)
   * debian/patches/19_fix_ntp_server.dpatch:
     - use the correct Ireland ntp server, patch by
       Gary Coady <email address hidden> (Ubuntu: #38633)
   * debian/patches/64_gksu-in-desktop-files.dpatch:
     - don't run the programs with gksu but use the sudo mode instead,
       fix the issue with the UI running with sudo too (Ubuntu: #23230)
     - use startup notification again since it's required without gksu

> don't run the programs with gksu but use the sudo mode instead

I have not tested the patches, but I cannot believe this makes any difference to the security risk imposed by disks manager; 'Browse' will still start Nautilus with root privileges, no matter whether these privileges are obtained by gksu or sudo

no it doesn't, have you tried the update before writing that comment?

42803

This upload fixes the issue:

 gnome-system-tools (2.14.0-0ubuntu8) dapper; urgency=low
 .
   * debian/patches/08_desktops_changes.dpatch:
     - use gksu for the menu items again so the UI is consistent with the other
       applications of the desktop (Ubuntu: #40680)
     - make package installation working again (Ubuntu: #40563)
   * debian/patches/20_use_sudo_user.dpatch:
     - patch by Dennis Kaarsemaker <email address hidden>
     - Use su -c $SUDO_USER for launching nautilus/totem/gnome-cd if that
       variable is set (Ubuntu: #23230)
   * debian/rules:
     - run "make pot" for the different doc directories of the package