edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: calibre bug 885027

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Kovid Goyal <885027@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Nov 2011 02:24:21 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

To summarize where we are now. The mount helper currently allows any
user to:

1) Mount anything under /dev/ to a mountpoint under /media
2) Create empty directories anywhere if they can create symlinks in /media
3) Remove empty directories in /media

This is pretty much the minimal set of requirements for the mount helper to
work (I could possibly restrict the entries under /dev to block devices only as
well). If it turns out that this set of requirements is a security
vulnerability, then the mount helper will be removed. If not, it will stay.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions