Bug#569222: risky use of mount from a random partition

To: Colin Watson <cjwatson@debian.org>
Cc: 569222@bugs.debian.org
Subject: Bug#569222: risky use of mount from a random partition
From: Joey Hess <joeyh@debian.org>
Date: Wed, 10 Feb 2010 17:42:22 -0500
Message-id: <[🔎] 20100210224222.GA19740@gnu.kitenet.net>
Reply-to: Joey Hess <joeyh@debian.org>, 569222@bugs.debian.org
In-reply-to: <[🔎] 20100210215533.GR4484@riva.ucam.org>
References: <[🔎] 20100210210100.GA12710@gnu.kitenet.net> <[🔎] 20100210215533.GR4484@riva.ucam.org>

> Good question.  I've been trying to dig out the history and it doesn't
> seem especially clear even to me.  I think I must have reasoned that (a)
> using $tmpmnt wasn't significantly worse than using /target (I hadn't
> thought of the security risk)

Speaking of the security risk, AFAICS via light browsing of
packages.ubuntu.com, jaunty has os-prober that still uses third-party
mount even when run on an installed system, *and* grub-pc depends on
os-prober. That's an expecially bad combination (lenny's grub-pc only
suggests os-prober).

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#569222: risky use of mount from a random partition
  - From: Colin Watson <cjwatson@debian.org>

References:
- Bug#569222: risky use of mount from a random partition
  - From: Joey Hess <joeyh@debian.org>
- Bug#569222: risky use of mount from a random partition
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: [RFH] Errata and announcement help need
Next by Date: Re: Bug#569222: risky use of mount from a random partition
Previous by thread: Bug#569222: risky use of mount from a random partition
Next by thread: Bug#569222: risky use of mount from a random partition
Index(es):
- Date
- Thread