← Back to team overview

edubuntu-bugs team mailing list archive

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

 

"First note that unprivileged users cannot create symlinks in /dev
on any well designed system. So symlink attacks are not actually
possible, nonetheless, I have already removed the possibility of using
symlinks under /dev."

You've forgotten about /dev/shm.

And you still haven't fixed the ability to mount on top of any directory
via symlinks, which has already been demonstrated to allow escalation to
root.

"Just a note about all the histrionics around "critical" security
exploits. calibre is designed to run mainly on end user computers (single
user, typically a desktop or a laptop). On such a machine if a malicous program
can run with user privileges it already has access to everything that actually
matters on the system, namely the user's data. Privilege escalation would be
useful only in trying to hide the traces of the intrusion. The damage is
already done. Undoubtedly there are plenty of scenarios where that is not
true, but the fact remains that for the vast majority of calibre users, this
is a non issue. So kindly tone down the hyperbole, and restrict your posts to
discussion of calibre-mount-helper, otherwise you will be ignored."

Even if this is the case for the majority of calibre users, I wouldn't
consider this acceptable unless there was a big flashing banner when you
install calibre that says "if you install this every user can gain root
privileges."  There are plenty of multi-user environments, and plenty of
situations where compromising a user account isn't as bad as gaining
root access.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions