edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Josselin Mouette <885027@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Nov 2011 16:54:44 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The correct way to make it secure is to remove it.

The way to make it WORK is to remove it. By calling a specific, broken
setuid helper, calibre puts a risk on the system, but it also fails to
accomplish the task, since it should actually be done through the native
OS tools, and can conflict with whatever the OS is already doing with
removable devices.

Again, you must use GIO. It will correctly interact with the OS, report
when devices are inserted/mounted/unmounted and allow you to interact
with those devices without breaking havoc. The solutions you are
currently looking at are way beyond broken.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions