Calibre and setuid

Posted Nov 3, 2011 9:00 UTC (Thu) by rvfh (guest, #31018)
Parent article: Calibre and setuid

Looks to me like this helper is just a way to bypass the user's permissions check when calling mount. This alone should be enough to want to avoid it at all costs!

Calibre and setuid

Posted Nov 3, 2011 12:06 UTC (Thu) by epa (subscriber, #39769) [Link] (1 responses)

Indeed, why not just make /bin/mount suid root and be done with it?

Calibre and setuid

Posted Nov 3, 2011 13:11 UTC (Thu) by ekj (guest, #1524) [Link]

/bin/mount *IS* suid-root in many (most?) distributions. It needs to be to support letting users mount usb-devices and suchlike.

But it allows only mounting those things that are explicitly configured as mountable by ordinary users, doesn't let them pick a mountpoint, and comes with various other security-features.