edubuntu-bugs team mailing list archive

Thread
Date

[Bug 885027] Re: SUID Mount Helper has 5 Major Vulnerabilities

To: edubuntu-bugs@xxxxxxxxxxxxxxxxxxx
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Sun, 06 Nov 2011 02:20:18 -0000
Reply-to: Bug 885027 <885027@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

"For example, to mount a device not under /dev, simply provide an argv[2] referring to a symlink pointing to somewhere in /dev, and after the realpath()'d version is checked, switch the target to somewhere else. If you want to do this properly, you need to update the device source such that after calling realpath(), all subsequent references to the device are to the realpath()'d version."
Kovid - This is a Time of Check/Time of Use (TOCTOU). You can read more about in Bishop and Dilger's paper at http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities

To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions