[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#569222: risky use of mount from a random partition

> Good question.  I've been trying to dig out the history and it doesn't
> seem especially clear even to me.  I think I must have reasoned that (a)
> using $tmpmnt wasn't significantly worse than using /target (I hadn't
> thought of the security risk)

Speaking of the security risk, AFAICS via light browsing of
packages.ubuntu.com, jaunty has os-prober that still uses third-party
mount even when run on an installed system, *and* grub-pc depends on
os-prober. That's an expecially bad combination (lenny's grub-pc only
suggests os-prober).

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: