
Ubuntu Hit by a Vulnerability in “Eject” - brideoflinux
http://www.phoronix.com/scan.php?page=news_item&px=Ubuntu-Eject-Vulnerability
======
s3arch
[0]Ilja Van Sprundel discovered that dmcrypt-get-device does not properly
handle errors returned from setuid()/setgid() despite being a setuid-root
binary. Although it looks to be handling trustworthy input from the kernel
after the setuid()/setgid() calls, the intent is to be parsing the data as a
non-root user.

[0]
[https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627](https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627)

