"To fix races with the mount source, you should check against /dev/shm, as this is the only world-writable directory in most /dev filesystems that I know of."
Or more generally, stat and check root ownership and permission on the directory of the device. (Though, you can't chdir into both.) You additionally could make sure it is a block device. You could also check to see if the block device is removable / matches the identifier of supported ebook readers / something else. You could even go a step further and not call out to mount as an external program, but make the syscalls yourself, dealing with the handfuls of new problems you'll have and various mtab issues and who knows what else. (Of course, at this point, you might as well just be using pmount/udisks/microsoftwindows/whatever.) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/885027 Title: SUID Mount Helper has 5 Major Vulnerabilities To manage notifications about this bug go to: https://bugs.launchpad.net/calibre/+bug/885027/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
