@Kovid
Shucks. Just as I was beginning to make progress on .80 Calibrer!
http://git.zx2c4.com/calibre-mount-helper-exploit/tree/80calibrerassaultmount.c
But you still have major problems in the code -- there are still two
race conditions, with the one exploited in .70 the most dangerous.
Namely, it's still possible to mount over any directory on the system.
To fix this, you need to chdir(realpath) and then stat(".") to ensure
root ownership, and then from that point on, only refer to the directory
by "." -- making this change will be a significant leap forward. Check
out Dan's comment for more details.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/885027
Title:
SUID Mount Helper has 5 Major Vulnerabilities
To manage notifications about this bug go to:
https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
