edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Harris Reid <885027@xxxxxxxxxxxxxxxxxx>
Date: Sat, 05 Nov 2011 07:27:38 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I was quite concerned and excited when I learned that I've got calibre-mount-helper and saw these exploits getting lot of attention. my initial instinct was to uninstall calibre. Call me paranoid but it questions the security of the rest of the package as well. So I tested one of them:
 .50 version.
 Didn't work, then I tried .60 and .70. didn't work as well. I was disappointed.
I was curious so I tried:
$ cat /usr/bin/calibre-mount-helper
And this is what I got:
#!/bin/sh

# This is a dummy script shipped in the fedora calibre package. 
# Since we have better/safer/easier ways to mount mass storage devices
# there's no need to have a suid binary try and do this. 
# This script simply exits telling calibre that the device is already
# been mounted by your desktop. 

exit 1

Thats when I remembered why I like Fedora.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions