I've already committed a fix for symlinks in /dev, maybe you missed my last comment.
pmount will not work, I have told you why it will not work. I am not going to repeat myself.

Let's recap: First note that unprivileged users cannot create symlinks in /dev on any well designed system. So symlink attacks are not actually possible, nonetheless, I have already removed the possibility of using symlinks under /dev.

calibre-mount-helper currently allows an unprivileged user to:

1) Delete empty directories only under /media. I see absolutely nothing wrong with that.
2) Mount anything under /dev to anything under /media. Again I see nothing wrong with that, outside of highly system specific scenarios. Feel free to post a general purpose exploit, if you can come up with one, I can always fix it.
3) Unmount anything under /media
4) Create empty directories anywhere on the system. This can be fixed, with some effort, but I am not yet convinced it is an actual vulnerability.
*) Something else courtesy of a bug. If such a thing exists, point it out and I will fix it.

Just a note about all the histrionics around "critical" security exploits. calibre is designed to run mainly on end user computers (single user, typically a desktop or a laptop). On such a machine if a malicious program can run with user privileges it already has access to everything that actually matters on the system, namely the user's data. Privilege escalation would be useful only in trying to hide the traces of the intrusion. The damage is already done. Undoubtedly there are plenty of scenarios where that is not true, but the fact remains that for the vast majority of calibre users, this is a non issue.

So kindly tone down the hyperbole, and restrict your posts to discussion of calibre-mount-helper, otherwise you will be ignored.
https://bugs.launchpad.net/bugs/885027
Title: SUID Mount Helper has 5 Major Vulnerabilities
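The confinement discussed in the comment above (a device node under /dev reached through no symlink, a mount point under /media) can be checked as in the following added example, which is not calibre-mount-helper's code; `path_ok` is a hypothetical name. It assumes the root directory is canonical and not writable by the caller, because the check is not atomic with a later mount(2) call.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700          /* realpath(), lstat() */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* path_ok() is a hypothetical name. Returns 1 only if `path` is already
 * canonical (no symlink, "." or ".." in any component), lies strictly below
 * `root`, and has file type `type` (S_IFBLK for a device, S_IFDIR for a
 * mount point). `root` must be canonical and have no trailing slash. */
int path_ok(const char *path, const char *root, mode_t type)
{
    char resolved[PATH_MAX];
    struct stat st;
    size_t rlen = strlen(root);

    if (path[0] != '/' || rlen == 0 || root[rlen - 1] == '/')
        return 0;
    if (realpath(path, resolved) == NULL)
        return 0;                   /* missing, unreadable or too long */
    if (strcmp(resolved, path) != 0)
        return 0;                   /* a symlink, "." or ".." was resolved away */
    if (strncmp(resolved, root, rlen) != 0 || resolved[rlen] != '/')
        return 0;                   /* outside root, e.g. "/devil" for "/dev" */
    if (lstat(resolved, &st) != 0 || (st.st_mode & S_IFMT) != type)
        return 0;                   /* wrong type, or changed since realpath() */
    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s /dev/NODE /media/DIR\n", argv[0]);
        return 2;
    }
    int dev = path_ok(argv[1], "/dev", S_IFBLK);
    int dir = path_ok(argv[2], "/media", S_IFDIR);
    printf("device %s, mount point %s\n",
           dev ? "accepted" : "rejected", dir ? "accepted" : "rejected");
    return (dev && dir) ? 0 : 1;
}
```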
