Bug#987671: gnome-disk-utility: User could possibly erase/format the hard disk without giving any password
kailueke at riseup.net
Thu Apr 29 23:09:16 BST 2021
thanks for reporting this but it is not a dangerous bug because the disk
wiping in your case on the USB stick could have been done anyway without
password while for system drives this always requires a password.
The confusing behavior in GNOME Disks is that it always wipes the drive
after encountering an error during the restore image operation, but also
treated authentification errors the same way.
I made a patch to skip the disk wiping in case the authentification
dialog was dismissed:
In the future, please report directly to upstream. I just found this bug
report by chance.
(Also, since UDisks is responsible for the authentification: if it were
possible to overwrite arbitrary drives without a password, then it
should have been a UDisks bug report, not a GNOME Disks bug report.)
P.S.: Your second response is an HTML message which is only shown on the
bug tracker web UI as an attachment.
More information about the pkg-gnome-maintainers