@Kovid
Shucks. Just as I was beginning to make progress on .80 Calibrer! http://git.zx2c4.com/calibre-mount-helper-exploit/tree/80calibrerassaultmount.c
But you still have major problems in the code -- there are still two race conditions, with the one exploited in .70 the most dangerous. Namely, it's still possible to mount over any directory on the system. To fix this, you need to chdir(realpath) and then stat(".") to ensure root ownership, and then from that point on, only refer to the directory by "." -- making this change will be a significant leap forward. Check out Dan's comment for more details.