please consider letting non-admins create ubuntu installation USB stick

Bug #1000268 reported by Timo Juhani Lindfors
This bug affects 4 people
Affects: usb-creator (Ubuntu)
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned

Bug Description

This is a wishlist bug. Currently

http://www.ubuntu.com/download

nicely describes how a user can create an Ubuntu installation USB stick using usb-creator. What it does not mention is that you need to be an admin to create the USB stick since /usr/share/polkit-1/actions/com.ubuntu.usbcreator.policy has "auth_admin_keep" set.

This is unfortunate since it means that users cannot create Ubuntu installation USB sticks on computers where they do not have admin privileges (think university classrooms, libraries, workplaces where people are not given root privileges to their desktops).

Please consider if this could be relaxed to at least allow local users to create such installation media.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in usb-creator (Ubuntu):
status: New → Confirmed
Dimitri John Ledkov (xnox) wrote :

auth_admin_keep is set because the application is formatting drives / installing a bootloader into the MBR.
There is a potential for data loss & rendering your system unbootable.
I need to check if we can relax the policy without causing data loss.

Changed in usb-creator (Ubuntu):
status: Confirmed → Triaged
importance: Undecided → Wishlist
Timo Juhani Lindfors (timo-lindfors) wrote :

The code at least tries to check if the drive is marked as "device-is-system-internal" by udisks and aborts if that is the case.

Timo Juhani Lindfors (timo-lindfors) wrote :

Sorry to ask again but is there some specific area of code that you'd like to be reviewed more carefully? I think I found at least a few security bugs. For example it does not check that the file that the user wants to write to the USB stick is actually something that the user can normally access. This means you can tell it to write /etc/shadow to your USB stick.
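
The missing check described in the last comment, sketched as an added example (not part of the original report and not usb-creator's own code): a privileged helper opens the requested source file only if the requesting user could read it, and then keeps using that file descriptor. The function name and the `uid`/`gids` parameters are hypothetical; the helper is assumed to have obtained the caller's identity from its IPC layer.

```python
import os
import stat


def _dac_allows(st, uid, gids, want):
    """Owner/group/other mode-bit check; want is 4 (read) or 1 (search)."""
    if uid == 0:
        return True  # root bypasses these checks anyway
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want


def open_source_for_caller(path, uid, gids):
    """Open path for reading only if the requesting user could read it.

    uid/gids describe the unprivileged caller (assumed to come from the
    helper's IPC layer). Raises PermissionError when the caller lacks access.
    Mode bits only: POSIX ACLs and LSM policy are not evaluated here.
    """
    real = os.path.realpath(path)
    # Each directory above the file must be searchable by the caller.
    current = os.sep
    for part in os.path.dirname(real).split(os.sep):
        current = os.path.join(current, part)
        if not _dac_allows(os.stat(current), uid, gids, 1):
            raise PermissionError(f"caller cannot traverse {current}")
    # O_NOFOLLOW: refuse a symlink swapped in after realpath().
    # O_NONBLOCK: do not hang if the path turns out to be a FIFO.
    fd = os.open(real, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    try:
        st = os.fstat(fd)  # inspect the object we actually opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{real} is not a regular file")
        if not _dac_allows(st, uid, gids, 4):
            raise PermissionError(f"caller cannot read {real}")
    except Exception:
        os.close(fd)
        raise
    return fd  # keep reading from this fd, never reopen by name
```

With a check like this, a request from an ordinary user to copy a root-only file such as /etc/shadow is rejected before any data is written to the stick.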
