Bug#987671: gnome-disk-utility: User could possibly erase/format the hard disk without giving any password

Kai Lüke kailueke at riseup.net
Thu Apr 29 23:09:16 BST 2021

Severity: minor


thanks for reporting this but it is not a dangerous bug because the disk 
wiping in your case on the USB stick could have been done anyway without 
password while for system drives this always requires a password.

The confusing behavior in GNOME Disks is that it always wipes the drive 
after encountering an error during the restore image operation, but also 
treated authentification errors the same way.

I made a patch to skip the disk wiping in case the authentification 
dialog was dismissed:


In the future, please report directly to upstream. I just found this bug 
report by chance.
(Also, since UDisks is responsible for the authentification: if it were 
possible to overwrite arbitrary drives without a password, then it 
should have been a UDisks bug report, not a GNOME Disks bug report.)


P.S.: Your second response is an HTML message which is only shown on the 
bug tracker web UI as an attachment.

More information about the pkg-gnome-maintainers mailing list