Possible security bug with unmount
Lauri Kenttä
lauri.kentta at gmail.com
Thu Mar 24 08:09:04 CDT 2016
While security is a good concern, it's not the only concern.
If "mountpoint-with-;ls" would indeed execute ls, it would also
fail to unmount "mountpoint-with-;ls" and instead try to unmount
only "mountpoint-with-". If that's true, the code should be fixed
in any case.
Actually mounting stuff with that kind of names happens easily
with USB drives and udisks2. Like this:
$ ntfslabel /dev/sdb1 "USB;echo foo"
$ udisksctl mount --block-device /dev/sdb1
Mounted /dev/sdb1 at /run/media/user/USB;echo foo.
$ ls /run/media/user
'USB;echo foo'
--
Lauri Kenttä
More information about the wine-devel
mailing list