← Back to team overview

edubuntu-bugs team mailing list archive

[Bug 885027] Re: calibre bug 885027

 

I've already committed a fix for symlinks in /dev, maybe you missed my last
comment.

pmount will not work, I have told you why
it will not work. I am not going to repeat myself.

Let's recap:

First note that unprivileged users cannot create symlinks in /dev
on any well designed system. So symlink attacks are not actually
possible, nonetheless, I have already removed the possibility of using
symlinks under /dev.

calibre-mount-helper currently allows an unprivileged user to:

1) Delete empty directories only under /media. I see absolutely nothing wrong with
that. 

2) Mount anything under /dev to anything under /media. Again I see nothing
wrong with that, outside of highly system specific scenarios. Feel free to
post a general purpose exploit, if you can come up with one, I can always fix
it. 

3) Unmount anything under /media

4) Create empty directories anywhere on the system. 
This can be fixed, with some effort, but I am not yet convinced
it is an actual vulnerability.

*) Something else courtesy of a bug. If such a thing exists, point it out and
I will fix it.

Just a note about all the histrionics around "critical" security
exploits. calibre is designed to run mainly on end user computers (single
user, typically a desktop or a laptop). On such a machine if a malicous program
can run with user privileges it already has access to everything that actually
matters on the system, namely the user's data. Privilege escalation would be
useful only in trying to hide the traces of the intrusion. The damage is
already done. Undoubtedly there are plenty of scenarios where that is not
true, but the fact remains that for the vast majority of calibre users, this
is a non issue. So kindly tone down the hyperbole, and restrict your posts to
discussion of calibre-mount-helper, otherwise you will be ignored.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions