I had created a poor man's backup of my root partition with
dd if=/dev/sda1 of=/dev/sdb1 ,
where sda is my PC's only hard drive (mounted offline!), and sdb is a removable USB hard drive. Now, two years later, I tried to mount this partition with udisksctl, to find that it mounted it on the filesystem root '/' with no questions asked and no elevation required (other partitions on the USB hard drive mount to /media/username/blah happily). This is a bit of a worry, though it's hard to say if there is any real danger, as 'ls /' still lists my real hard drive root, and I didn't do much playing around in the mounted state as I value my filesystem and sanity too much.
As a user, I would expect this operation to mount the USB partition on /media/username/something, as with any other USB partitions. At the very least I would expect a big scary warning to be issued if trying to mount something on '/', and I would expect non-root to not be allowed to do this at all.
Info as suggested on the wiki page to be attached. Please advise if you wish me to supply anything else.
Created attachment 120743 [details]
output of udisksctl monitor
while mounting and unmounting the partition in question
Created attachment 120744 [details]
output of mount
output of `mount` after udisksctl has done its thing
Created attachment 120745 [details]
output of udisksctl dump before mounting
Created attachment 120746 [details]
output of udisksctl dump after mounting
forgot to say: the partition in question is /dev/sdc3 in all the posted attachments.
If you have an fstab entry of your root filesystem, that's not really udisks fault. Since sdb1 and sda1 are clone, they have the same (FS) UUID unless you have changed either/both of them manually after cloning. So "sdb1" got resolved and matched with the fstab entry of "/" and get mounted there.