Comment 3 for bug 830850

Dan Rosenberg (dan-j-rosenberg) wrote :

Sigh. For the record, this issue existed prior to the recent fixes...sorry for missing it. Additionally, this by itself doesn't seem to be a vulnerability, since a mis-assigned group ID on mtab doesn't actually allow the unprivileged user to cross any privilege boundaries. But good catch, definitely a bug and worth fixing.

The more problematic issue is that every setuid mount helper that doesn't explicitly set its umask prior to invoking setmntent() will create an mtab-like file that is potentially world-writable, opening a race window in the best-case scenario.
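
The umask dependence described in this comment, as an added example (not code from the bug report or from any mount helper): a process inherits its umask from whoever invoked it, and setmntent() creates the file fopen()-style, so the resulting permissions follow that inherited value unless the helper resets it first. The function name, the scratch path under /tmp and the choice of 022 are assumptions made for this illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper for this example: create an mtab-like file with
 * setmntent() while the process umask is `inherited` (standing in for the
 * value a setuid helper receives from the invoking user). With harden != 0
 * the umask is reset to 022 before the file is created.
 * Returns the new file's permission bits, or -1 on error. */
static int mtab_mode_after_create(mode_t inherited, int harden)
{
    char dir[] = "/tmp/mtab-demo-XXXXXX";  /* constructed scratch directory */
    char path[64];
    struct stat st;
    int mode = -1;

    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(path, sizeof(path), "%s/mtab", dir);

    mode_t saved = umask(inherited);  /* simulate the caller-controlled umask */
    if (harden)
        umask(022);                   /* explicit reset before setmntent() */

    FILE *fp = setmntent(path, "w");  /* file is created as 0666 & ~umask */
    if (fp != NULL) {
        if (fstat(fileno(fp), &st) == 0)
            mode = st.st_mode & 0777;
        endmntent(fp);
    }

    umask(saved);                     /* restore, then clean up */
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("umask 000 inherited, no reset:  %04o\n", mtab_mode_after_create(0, 0));
    printf("umask 000 inherited, reset 022: %04o\n", mtab_mode_after_create(0, 1));
    return 0;
}
```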