Warning to all: I'd be wary running this 70-calibreassaultmount.sh on multi user systems. The temporary file used to drop a payload is created in an insecure manner and can be exploited to execute code under the context of the user. I would like ubuntu for not including this obviously exploitable test case in the face of an arrogant security researcher.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885027 Title: SUID Mount Helper has 5 Major Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
