23 Mar
2016
23 Mar
'16
6:15 p.m.
On Wed, Mar 23, 2016 at 12:53:43PM -0500, Vincent Povirk wrote:
It's a potential issue in a situation when you have multiple users on one machine that are allowed to mount discs or disc images without root access, or if you have a CD with a malicious label that gets copied into the mount point (though maybe automounters will escape the label).
I don't know that this can be turned into a real attack on its own, but lack of imagination is not a good argument for something not being a security risk.
Thanks for your input,
I opened a bug quoting Michael Müller's test-case:
https://bugs.winehq.org/show_bug.cgi?id=40347
Cédric Picard