"First note that unprivileged users cannot create symlinks in /dev on any well designed system. So symlink attacks are not actually possible, nonetheless, I have already removed the possibility of using symlinks under /dev."
You've forgotten about /dev/shm. And you still haven't fixed the ability to mount on top of any directory via symlinks, which has already been demonstrated to allow escalation to root. "Just a note about all the histrionics around "critical" security exploits. calibre is designed to run mainly on end user computers (single user, typically a desktop or a laptop). On such a machine if a malicous program can run with user privileges it already has access to everything that actually matters on the system, namely the user's data. Privilege escalation would be useful only in trying to hide the traces of the intrusion. The damage is already done. Undoubtedly there are plenty of scenarios where that is not true, but the fact remains that for the vast majority of calibre users, this is a non issue. So kindly tone down the hyperbole, and restrict your posts to discussion of calibre-mount-helper, otherwise you will be ignored." Even if this is the case for the majority of calibre users, I wouldn't consider this acceptable unless there was a big flashing banner when you install calibre that says "if you install this every user can gain root privileges." There are plenty of multi-user environments, and plenty of situations where compromising a user account isn't as bad as gaining root access. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885027 Title: SUID Mount Helper has 5 Major Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
