System mounts CDROM drive to other user sessions

Bug #496343 reported by Doughy on 2009-12-13
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
consolekit (Ubuntu)
Undecided
Unassigned

Bug Description

My desktop frequently has many concurrent user sessions. One for me, one for my wife, and one for my son. When I place a CD in my CDROM drive, it mounts the CD incorrectly to my son's user session, giving him all the privileges. I can't unmount it unless I switch to his session, then unmount. If I put the CD in while under my son's session, it mounts the CD under my wife's session, and the same kind of thing happens. I have to go into my wife's session and unmount there.

When I place the CD in the drive, I get this error:
"A job is pending on /dev/sr0"

When I try to unmount from the correct user, I get this error:
"Error unmounting: umount exited with exit code 1: helper failed with: umount: only [otheruser] can unmount /dev/scd0 from /media/cdrom0"

There appears to be a problem mounting to the wrong user session, maybe a user indexing is incorrect? Could it be someone coded a one-based array index when it should have been zero-based? Just a thought.

I'm marking this as a security problem as well, as it may mount sensitive information to the wrong session.

ProblemType: Bug
Architecture: i386
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC0: joey 1873 F.... pulseaudio
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info:
 Card hw:0 'Live'/'SB Live! Value [CT4871] (rev.8, serial:0x80321102) at 0x1000, irq 21'
   Mixer name : 'Cirrus Logic CS4297A rev 4'
   Components : 'AC97a:43525914'
   Controls : 221
   Simple ctrls : 42
Date: Sun Dec 13 16:35:19 2009
DistroRelease: Ubuntu 9.10
HibernationDevice: RESUME=UUID=d98a94c6-bcf3-4cbd-8437-6b77552d2913
IwConfig:
 lo no wireless extensions.

 eth0 no wireless extensions.
NonfreeKernelModules: nvidia
Package: linux-image-2.6.31-16-generic 2.6.31-16.53
ProcCmdLine: root=UUID=4fb5e0bd-0b3f-4380-9e82-cf991aafb69e ro quiet splash
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-16.53-generic
RelatedPackageVersions:
 linux-backports-modules-2.6.31-16-generic N/A
 linux-firmware 1.25
RfKill:

SourcePackage: linux
Uname: Linux 2.6.31-16-generic i686
WpaSupplicantLog:

dmi.bios.date: 04/13/2007
dmi.bios.vendor: Intel Corp.
dmi.bios.version: CO96510J.86A.5882.2007.0413.0100
dmi.board.asset.tag: Base Board Asset Tag
dmi.board.name: DQ965GF
dmi.board.vendor: Intel Corporation
dmi.board.version: AAD41676-402
dmi.chassis.type: 3
dmi.modalias: dmi:bvnIntelCorp.:bvrCO96510J.86A.5882.2007.0413.0100:bd04/13/2007:svn:pn:pvr:rvnIntelCorporation:rnDQ965GF:rvrAAD41676-402:cvn:ct3:cvr:

Doughy (doughywilson) wrote :
Kees Cook (kees) on 2009-12-15
affects: linux (Ubuntu) → consolekit (Ubuntu)
Changed in consolekit (Ubuntu):
status: New → Confirmed
security vulnerability: yes → no
visibility: private → public
tags: added: karmic
Przemek K. (azrael) wrote :

Possible duplicate: Bug #387832

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers