
edubuntu-bugs team mailing list archive

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

 

"To fix races with the mount source, you should check against
/dev/shm, as this is the only world-writable directory in most /dev
filesystems that I know of."

Or more generally, stat and check root ownership and permission on the
directory of the device. (Though, you can't chdir into both.)

You additionally could make sure it is a block device. You could also
check to see if the block device is removable / matches the identifier
of supported ebook readers / something else.

You could even go a step further and not call out to mount as an
external program, but make the syscalls yourself, dealing with the
handfuls of new problems you'll have and various mtab issues and who
knows what else.


(Of course, at this point, you might as well just be using
pmount/udisks/microsoftwindows/whatever.)

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions
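The checks proposed in the comment above (root ownership and permissions on the device's directory, and the entry being a block device) as an added example in C. This is not calibre's mount helper and not code from the bug thread; it assumes a Linux/POSIX system where `/dev` is root-owned and not writable by others, and the `mh_` names, error codes and `MH_DIR_MAX` buffer size are this example's own. The point it demonstrates is inspecting an open directory file descriptor rather than the path string, so that the entry is looked up relative to the directory that was actually inspected.

```c
/* Added example, not the project's code: validate a mount source before a
 * privileged helper acts on it. Assumes Linux/POSIX APIs (fstatat, O_DIRECTORY). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define MH_DIR_MAX 4096   /* assumed buffer size for the directory part */

enum mh_result {
    MH_OK = 0,
    MH_BAD_PATH,       /* not absolute, or no final path component */
    MH_OPEN_DIR,       /* the device's directory could not be opened */
    MH_DIR_UNTRUSTED,  /* directory not root-owned, or writable by group/others */
    MH_STAT_ENTRY,     /* entry missing or not stat-able */
    MH_IS_SYMLINK,     /* entry is a symlink and could point anywhere */
    MH_NOT_BLOCK       /* entry is not a block device node */
};

/* Policy on the directory holding the device node: owned by root and not
 * writable by group or others, so an unprivileged user cannot rename or
 * replace entries in it between our check and the later mount. */
int mh_dir_is_trusted(const struct stat *st)
{
    if (!S_ISDIR(st->st_mode)) return 0;
    if (st->st_uid != 0) return 0;
    if (st->st_mode & (S_IWGRP | S_IWOTH)) return 0;
    return 1;
}

/* Split "/dev/sdb1" into directory "/dev" and entry "sdb1".
 * Returns 1 on success, 0 for relative paths, trailing slashes or overlong dirs. */
static int mh_split(const char *path, char *dir, size_t dirsz, const char **base)
{
    const char *slash;
    size_t dlen;

    if (path == NULL || path[0] != '/') return 0;
    slash = strrchr(path, '/');
    if (slash[1] == '\0') return 0;          /* "/dev/" or "/" names no entry */
    dlen = (size_t)(slash - path);
    if (dlen == 0) dlen = 1;                 /* "/sdb1" lives in "/" */
    if (dlen >= dirsz) return 0;
    memcpy(dir, path, dlen);
    dir[dlen] = '\0';
    *base = slash + 1;
    return 1;
}

enum mh_result mh_check_mount_source(const char *path)
{
    char dir[MH_DIR_MAX];
    const char *base;
    struct stat dst, est;
    int dirfd;

    if (!mh_split(path, dir, sizeof dir, &base)) return MH_BAD_PATH;

    /* Open the directory itself and inspect the resulting fd, not the path. */
    dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dirfd < 0) return MH_OPEN_DIR;
    if (fstat(dirfd, &dst) != 0 || !mh_dir_is_trusted(&dst)) {
        close(dirfd);
        return MH_DIR_UNTRUSTED;
    }

    /* Look the entry up relative to the inspected directory, never following
     * symlinks, then insist on a real block device node. */
    if (fstatat(dirfd, base, &est, AT_SYMLINK_NOFOLLOW) != 0) {
        close(dirfd);
        return MH_STAT_ENTRY;
    }
    close(dirfd);
    if (S_ISLNK(est.st_mode)) return MH_IS_SYMLINK;
    if (!S_ISBLK(est.st_mode)) return MH_NOT_BLOCK;
    return MH_OK;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/dev/sdb1";  /* constructed default */
    enum mh_result r = mh_check_mount_source(path);
    printf("%s -> result code %d (%s)\n", path, (int)r, r == MH_OK ? "ok" : "rejected");
    return r == MH_OK ? 0 : 1;
}
```

Even with these checks, the later mount still names the device by path, so the directory policy is what carries the weight: if only root can change entries in `/dev`, the node found by `fstatat` is the node `mount` will see. A helper that accepts device paths under world-writable directories (this example rejects `/tmp`, for instance) has no such guarantee, which is the race the quoted comment is warning about.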