http://bugzilla.suse.com/show_bug.cgi?id=1170162
http://bugzilla.suse.com/show_bug.cgi?id=1170162#c4

--- Comment #4 from Matthias Gerstner <matthias.gerstner@suse.com> ---
The umount has another possible attack surface. Even if the program only allows removable devices to be mounted ... I could insert a removable device with a UNIX file system on it that contains symlinks. Then I could point the umount command to /media/$user/somemount/somelink and the link target would be unmounted.

The problem is that the `umount` program is used for unmounting, which follows symlinks. It would be better to use the `umount2` system call and pass "UMOUNT_NOFOLLOW" to avoid symlinks being followed. Another approach could be to forbid slashes after /media/$user/somemount and to make sure that /media and /media/$user aren't user controlled.

Can you approach upstream with this?