@Matt: I am not comfortable modifying pmount. What guarantee would I posses that my modifications did not introduce an exploit. In contrast the mount helper is 300 lines of C code, much easier to review and modify, as this bug demonstrates. Similar problems exist with udisks. Adding something as a dependency that is not bundled is not workable, since the calibre standalone installer cannot enforce a dependency requirement. This is obviously not the case for a distro calibre package.
@Jason: I look forward to the updated exploit. If/when you attach it, I will review if it can be closed. If it can, I will fix it, if not, then I will nuke calibre-mount-helper. Linux users will just have to live with no out of the box experience. Hopefully, most of them are used to that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885027 Title: SUID Mount Helper has 5 Major Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
