[Bug 1986913] Re: privilege escallation
Seth Arnold
1986913 at bugs.launchpad.net
Tue Aug 23 02:00:09 UTC 2022
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gparted in Ubuntu.
https://bugs.launchpad.net/bugs/1986913
Title:
privilege escallation
Status in gparted package in Ubuntu:
Invalid
Bug description:
Hi :-)
I have (maybe) found a privilege escalation in gparted (GParted 1.3.1)
A user with unprivileged rights was granted with standard polkit rules access to gparted.
Once the user correctly authenticates the gparted gui loads, and the user can partition any attached device (that is ok!)
BUT once done, the user is presented with the summary AND there one has the option to
----> SAVE DETAILS <---- (gparted-2-issue.png)
That is a BIG problem!
One can overwrite virtually any file on the system (being root) with the gparted output!
Could you advise me on this matter?
Thank you very much!
Kind regards
Otto
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gparted/+bug/1986913/+subscriptions
More information about the foundations-bugs
mailing list