Sigh. For the record, this issue existed prior to the recent fixes...sorry for missing it. Additionally, this by itself doesn't seem to be a vulnerability, since a mis-assigned group ID on mtab doesn't actually allow the unprivileged user to cross any privilege boundaries. But good catch, definitely a bug and worth fixing.
The more problematic issue is that every setuid mount helper that doesn't explicitly set its umask prior to invoking setmntent() will create an mtab-like file that is potentially world-writable, opening a race window in the best-case scenario.

--
https://bugs.launchpad.net/bugs/830850
Title: mount.ecrpytfs_private sets group owner of /etc/mtab to user's primary group
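The umask dependence described in the comment above, as an added example that is not part of the original bug comment or of ecryptfs-utils: it lets setmntent() create a scratch file under two umasks and reports the resulting permission bits. The helper name `mtab_mode_under_umask` and the `/tmp/mtab-demo-*` path are assumptions made for the illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* for mkdtemp() */
#endif
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Let setmntent() create a scratch mtab-like file while the process umask is
 * `mask`; return the new file's permission bits, or -1 on error.
 * Hypothetical helper; it uses a private temp directory, never /etc/mtab. */
static int mtab_mode_under_umask(mode_t mask)
{
    char dir[] = "/tmp/mtab-demo-XXXXXX";
    char path[64];
    struct stat st;
    int mode = -1;

    if (mkdtemp(dir) == NULL)          /* directory is created 0700 */
        return -1;
    snprintf(path, sizeof path, "%s/mtab", dir);

    mode_t saved = umask(mask);        /* what the helper inherited or set */
    FILE *fp = setmntent(path, "a");   /* creates the file if it is missing */
    umask(saved);

    if (fp != NULL) {
        endmntent(fp);
        if (stat(path, &st) == 0)
            mode = (int)(st.st_mode & 0777);
        unlink(path);
    }
    rmdir(dir);
    return mode;
}

int main(void)
{
    /* A setuid helper inherits the umask of the user who invoked it. */
    printf("inherited umask 000: mode %04o\n", (unsigned)mtab_mode_under_umask(0));
    /* Hardened helper: set the umask itself before calling setmntent(). */
    printf("explicit  umask 022: mode %04o\n", (unsigned)mtab_mode_under_umask(022));
    return 0;
}
```

With an inherited umask of 000 the file comes out world-writable; setting the umask in the helper before setmntent() removes the dependence on the caller's environment.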
