Thread: Local root exploit in Calibre
View Single Post
Old 11-04-2011, 12:55 AM   #3
kovidgoyal
creator of calibre
kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.kovidgoyal ought to be getting tired of karma fortunes by now.
 
kovidgoyal's Avatar
 
Posts: 45,402
Karma: 27756918
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
That exploit is relevant only on a multi-user linux/bsd system. It's a privilege escalation exploit, i.e. it allows a non-root user to become root.
This has actual bad effects (in terms of access to user data) only on a system with more than one non root user, which does not include the vast majority of desktop/laptops.

Furthermore, the exploit will be closed in the next calibre release.
kovidgoyal is offline   Reply With Quote