24 Mar
2016
24 Mar
'16
1:09 p.m.
While security is a good concern, it's not the only concern.
If "mountpoint-with-;ls" would indeed execute ls, it would also fail to unmount "mountpoint-with-;ls" and instead try to unmount only "mountpoint-with-". If that's true, the code should be fixed in any case.
Actually mounting stuff with that kind of names happens easily with USB drives and udisks2. Like this:
$ ntfslabel /dev/sdb1 "USB;echo foo" $ udisksctl mount --block-device /dev/sdb1 Mounted /dev/sdb1 at /run/media/user/USB;echo foo. $ ls /run/media/user 'USB;echo foo'
--
Lauri Kenttä