edubuntu-bugs team mailing list archive
-
edubuntu-bugs team
-
Mailing list archive
-
Message #02831
[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities
@Fou-Lu - Please, grow up. With much difficulty, he has removed the
broken functionality/exploitable code.
@Thorsten - I have /media on FreeBSD 8.2. That's where KDE likes to
mount things for me.
@Kovid - HAL was deprecated on linux, but not on BSD. Instead the issues
in HAL were fixed, and the HAL we have on BSD is much improved compared
with whatever HAL was last developed in the Linux kernel. As far as I
can tell, GIO is working fine with HAL on my system, though I can't say
I've done any programming with it; I've always found it sufficient to
mount/unmount manually using the dolphin file browser. As it sounds like
many distros have already been specifically patching your application
before distributing it in their repos, perhaps it would be good to
survey what various package managers are doing on Fedora, Debian/Ubuntu,
FreeBSD (it's in ports...), OpenSuse, etc. Perhaps a consensus can be
found that you've overlooked.
Or maybe "a single binary that works everywhere without compiling"
solution just isn't appropriate for the unix world. Certainly I make
sure my users have a very good reason for installing anything from
upstream sources on our network. If somethings in the repositories/ports
collection, then there better be something seriously wrong with it to
allow upgrading from somewhere else. I can certainly remember a few
cases where the upstream developer was feigning ignorance while
carefully crafting network security holes which package maintainers
dutifully patched, until the project was finally excluded from the
repos.
--
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027
Title:
SUID Mount Helper has 5 Major Vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions