@Kovid Shucks. Just as I was beginning to make progress on .80 Calibrer! http://git.zx2c4.com/calibre-mount-helper-exploit/tree/80calibrerassaultmount.c
But you still have major problems in the code -- there are still two race conditions, with the one exploited in .70 the most dangerous. Namely, it's still possible to mount over any directory on the system. To fix this, you need to chdir(realpath) and then stat(".") to ensure root ownership, and then from that point on, only refer to the directory by "." -- making this change will be a significant leap forward. Check out Dan's comment for more details. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885027 Title: SUID Mount Helper has 5 Major Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs