Comment 25 for bug 885027

Dan Rosenberg (dan-j-rosenberg) wrote :

"First note that unprivileged users cannot create symlinks in /dev on any well designed system. So symlink attacks are not actually possible; nonetheless, I have already removed the possibility of using symlinks under /dev."

You've forgotten about /dev/shm.

And you still haven't fixed the ability to mount on top of any directory via symlinks, which has already been demonstrated to allow escalation to root.

"Just a note about all the histrionics around "critical" security exploits. calibre is designed to run mainly on end user computers (single user, typically a desktop or a laptop). On such a machine, if a malicious program can run with user privileges it already has access to everything that actually matters on the system, namely the user's data. Privilege escalation would be useful only in trying to hide the traces of the intrusion. The damage is already done. Undoubtedly there are plenty of scenarios where that is not true, but the fact remains that for the vast majority of calibre users, this is a non-issue. So kindly tone down the hyperbole, and restrict your posts to discussion of calibre-mount-helper, otherwise you will be ignored."

Even if this is the case for the majority of calibre users, I wouldn't consider this acceptable unless there was a big flashing banner when you install calibre that says "if you install this, every user can gain root privileges." There are plenty of multi-user environments, and plenty of situations where compromising a user account isn't as bad as gaining root access.
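One defensive pattern for the class of problem raised in this comment, a symlink planted in a user-writable location such as /dev/shm redirecting a privileged mount helper onto an arbitrary directory: resolve the mount target component by component with O_NOFOLLOW, so that no component of the path may be a symlink. This is an added example, not calibre-mount-helper's code; the root/relative-path split, the function names and the constructed layout under /tmp are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk `rel` below `root` one component at a time, opening each with
   O_NOFOLLOW|O_DIRECTORY. A symlink component fails with ELOOP, a file
   fails with ENOTDIR, and "."/".." are refused outright, so the returned
   descriptor can only refer to a real directory under `root`. -1 = reject. */
int open_mount_point_nofollow(const char *root, const char *rel) {
    int fd = open(root, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    char *copy = strdup(rel), *save = NULL;
    if (!copy) { close(fd); return -1; }
    for (char *c = strtok_r(copy, "/", &save); c; c = strtok_r(NULL, "/", &save)) {
        if (!strcmp(c, ".") || !strcmp(c, "..")) { close(fd); free(copy); return -1; }
        int next = openat(fd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(fd);
        if (next < 0) { free(copy); return -1; }  /* symlink or non-directory */
        fd = next;
    }
    free(copy);
    return fd;
}

/* Constructed layout (hypothetical): <tmp>/real is a directory, <tmp>/link is a
   symlink to /. Returns 1 when the real directory is accepted and the link rejected. */
int demo_symlink_rejected(void) {
    char tmpl[] = "/tmp/mounthelper-demo-XXXXXX";
    char *base = mkdtemp(tmpl);
    if (!base) return 0;
    char real[PATH_MAX], link[PATH_MAX];
    snprintf(real, sizeof real, "%s/real", base);
    snprintf(link, sizeof link, "%s/link", base);
    int ok = mkdir(real, 0700) == 0 && symlink("/", link) == 0;
    int fd_real = open_mount_point_nofollow(base, "real");
    int fd_link = open_mount_point_nofollow(base, "link");
    ok = ok && fd_real >= 0 && fd_link == -1;
    if (fd_real >= 0) close(fd_real);
    unlink(link); rmdir(real); rmdir(base);
    return ok;
}

int main(void) {
    printf("real dir accepted, symlink rejected: %s\n", demo_symlink_rejected() ? "yes" : "no");
    return 0;
}
```

The returned descriptor, not the original string, should be what the helper mounts on (for example via /proc/self/fd/N), so the directory that was checked is the one that is used.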