"For example, to mount a device not under /dev, simply provide an argv[2] 
referring to a symlink pointing to somewhere in /dev, and after the 
realpath()'d version is checked, switch the target to somewhere else. If you 
want to do this properly, you need to update the device source such that after 
calling realpath(), all subsequent references to the device are to the 
realpath()'d version."
Kovid - This is a Time of Check/Time of Use (TOCTOU). You can read more about 
it in Bishop and Dilger's paper at 
http://nob.cs.ucdavis.edu/bishop/papers/1996-compsys/racecond.pdf.

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to calibre in Ubuntu.
https://bugs.launchpad.net/bugs/885027

Title:
  SUID Mount Helper has 5 Major Vulnerabilities
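
Added example (not part of the original message and not calibre's code): a C sketch of the fix the quoted text asks for, where the path is resolved once and every later reference uses the realpath()'d copy. The names open_pinned and demo_swap are hypothetical, and the demo uses a constructed temp directory in place of /dev and S_IFREG in place of S_IFBLK so it runs unprivileged.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve user_path once into `pinned`, check it against `prefix` ("/dev/" in
 * a real helper), open the pinned path and verify the type on the descriptor. */
int open_pinned(const char *user_path, const char *prefix, mode_t want_type,
                char pinned[PATH_MAX])
{
    struct stat st;
    if (realpath(user_path, pinned) == NULL) return -1;
    if (strncmp(pinned, prefix, strlen(prefix)) != 0) return -1;
    /* From here on user_path is never referenced again, only `pinned`. */
    int fd = open(pinned, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || (st.st_mode & S_IFMT) != want_type) {
        close(fd);
        return -1;
    }
    return fd;  /* a real helper would pass want_type = S_IFBLK */
}

/* Constructed scenario: "link" plays the symlink given as argv[2]. Returns 1 if
 * `pinned` still names dev/a after the swap and re-checking "link" is refused. */
int demo_swap(void)
{
    char tmpl[] = "/tmp/toctouXXXXXX", base[PATH_MAX], pinned[PATH_MAX], again[PATH_MAX];
    char prefix[PATH_MAX + 8], a[PATH_MAX + 8], b[PATH_MAX + 8], link[PATH_MAX + 8];
    if (!mkdtemp(tmpl) || !realpath(tmpl, base)) return -1;
    snprintf(prefix, sizeof prefix, "%s/dev/", base);
    snprintf(a, sizeof a, "%s/dev/a", base);
    snprintf(b, sizeof b, "%s/b", base);
    snprintf(link, sizeof link, "%s/link", base);
    mkdir(prefix, 0700);
    close(open(a, O_CREAT | O_WRONLY, 0600));
    close(open(b, O_CREAT | O_WRONLY, 0600));
    if (symlink(a, link) != 0) return -1;
    int fd = open_pinned(link, prefix, S_IFREG, pinned);     /* time of check */
    if (fd < 0) return -1;
    if (unlink(link) != 0 || symlink(b, link) != 0) return -1; /* swap target */
    int refused = open_pinned(link, prefix, S_IFREG, again) < 0;
    close(fd);
    return refused && strcmp(pinned, a) == 0;
}
```

The pinned path stays trustworthy only while no directory along it is writable by the caller, which holds for /dev on a normal system.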
