edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: ravomavain <885027@xxxxxxxxxxxxxxxxxx>
Date: Thu, 03 Nov 2011 21:59:44 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Why do you really want to handle the auto-mounting part by yourself? I mean, if udisks (or other) is not available, the user will probably know how to mount a removable device by his own without needing the help of any helper tool, every desktop linux user should know how to mount a removable device on his distro (whether it's done automatically, through a file manager or by using mount as root).
And if you really want to mount a device through calibre, you can call mount  using gksu which will warn the user that your program require root access and will ask for it (and so the user will be able to check if the command being run is not dangerous).

The best way will be to have a script (without suid!) that first check
for all available mounting tools (udisks, pmount,....) and fall back to
gksu mount.

Because if system doesn't provide a tool to allow mounting device for
regular user, it can simply means that this user is not allowed to mount
the device, and that's not the role of your program to decide whether it
should be allowed or not !

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions