I was quite concerned and excited when I learned that I've got calibre-mount-helper and saw these exploits getting lot of attention. my initial instinct was to uninstall calibre. Call me paranoid but it questions the security of the rest of the package as well. So I tested one of them: .50 version. Didn't work, then I tried .60 and .70. didn't work as well. I was disappointed. I was curious so I tried: $ cat /usr/bin/calibre-mount-helper And this is what I got: #!/bin/sh
# This is a dummy script shipped in the fedora calibre package. # Since we have better/safer/easier ways to mount mass storage devices # there's no need to have a suid binary try and do this. # This script simply exits telling calibre that the device is already # been mounted by your desktop. exit 1 Thats when I remembered why I like Fedora. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885027 Title: SUID Mount Helper has 5 Major Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
