edubuntu-bugs team mailing list archive
-
edubuntu-bugs team
-
Mailing list archive
-
Message #02779
[Bug 885027] Re: calibre bug 885027
To summarize where we are now. The mount helper currently allows any
user to:
1) Mount anything under /dev/ to a mountpoint under /media
2) Create empty directories anywhere if they can create symlinks in /media
3) Remove empty directories in /media
This is pretty much the minimal set of requirements for the mount helper to
work (I could possibly restrict the entries under /dev to block devices only as
well). If it turns out that this set of requirements is a security
vulnerability, then the mount helper will be removed. If not, it will stay.
--
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027
Title:
SUID Mount Helper has 5 Major Vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions