edubuntu-bugs team mailing list archive
-
edubuntu-bugs team
-
Mailing list archive
-
Message #02783
[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities
@Matt: I am not comfortable modifying pmount. What guarantee would I
posses that my modifications did not introduce an exploit. In contrast
the mount helper is 300 lines of C code, much easier to review and
modify, as this bug demonstrates. Similar problems exist with udisks.
Adding something as a dependency that is not bundled is not workable,
since the calibre standalone installer cannot enforce a dependency
requirement. This is obviously not the case for a distro calibre
package.
@Jason: I look forward to the updated exploit. If/when you attach it, I
will review if it can be closed. If it can, I will fix it, if not, then
I will nuke calibre-mount-helper. Linux users will just have to live
with no out of the box experience. Hopefully, most of them are used to
that.
--
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027
Title:
SUID Mount Helper has 5 Major Vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions