|  11-03-2011, 06:12 PM | #1 | 
| Zealot     Posts: 106 Karma: 348 Join Date: Dec 2006 | 
				
				Local root exploit in Calibre
			 
			
			For anyone who takes system security seriously please be aware of a local root exploit for current version of calibre Proof of concept exploit: http://www.exploit-db.com/exploits/18071/ Details https://bugs.launchpad.net/calibre/+bug/885027 | 
|   |   | 
|  11-03-2011, 11:45 PM | #2 | 
| e-reading since 2008            Posts: 197 Karma: 112730 Join Date: Oct 2008 Location: Hinesville Georgia Device: Nook STR, Sony PRS-T1 | 
			
			Looking over the links, this security hole seems to be related to Linux distros. I've looked over the posts and not sure if this is a meaningful security exploit or not .... meaningful as in the sense that you're likely to have a bad outcome. Some of the chatter on the internet related to this don't even seen to know what Calibre is for. Vic | 
|   |   | 
|  11-04-2011, 12:55 AM | #3 | 
| creator of calibre            Posts: 45,600 Karma: 28548974 Join Date: Oct 2006 Location: Mumbai, India Device: Various | 
			
			That exploit is relevant only on a multi-user linux/bsd system. It's a privilege escalation exploit, i.e. it allows a non-root user to become root.  This has actual bad effects (in terms of access to user data) only on a system with more than one non root user, which does not include the vast majority of desktop/laptops. Furthermore, the exploit will be closed in the next calibre release. | 
|   |   | 
|  11-04-2011, 08:13 AM | #4 | ||
| Zealot     Posts: 106 Karma: 348 Join Date: Dec 2006 | Quote: 
 Quote: 
 Instead of just patching each exploit, fix the inherent flaw! It really is ok to just ask for help from those who are offering it instead of just ignoring them Last edited by splat; 11-04-2011 at 08:27 AM. Reason: link to Dan's offer of help | ||
|   |   | 
|  11-04-2011, 08:16 AM | #5 | 
| creator of calibre            Posts: 45,600 Karma: 28548974 Join Date: Oct 2006 Location: Mumbai, India Device: Various | 
			
			One more for the ignore list.
		 | 
|   |   | 
|  11-04-2011, 08:24 AM | #6 | |
| US Navy, Retired            Posts: 9,897 Karma: 13806776 Join Date: Feb 2009 Location: North Carolina Device: Icarus Illumina XL HD, Kindle PaperWhite SE 11th Gen | 
			
			Your focus is really quite narrow and misleading. Quote: 
  There is no place for folks that purposefully tell part of the story. Last edited by DoctorOhh; 11-04-2011 at 08:26 AM. | |
|   |   | 
|  11-04-2011, 08:38 AM | #7 | |
| Zealot     Posts: 106 Karma: 348 Join Date: Dec 2006 | Quote: 
 Don't like something better put head in the sand, that always works well   | |
|   |   | 
|  11-04-2011, 08:45 AM | #8 | |
| Grand Sorcerer            Posts: 28,868 Karma: 207000000 Join Date: Jan 2010 Device: Nexus 7, Kindle Fire HD | Quote: 
   | |
|   |   | 
|  11-04-2011, 08:56 AM | #9 | |
| Zealot     Posts: 106 Karma: 348 Join Date: Dec 2006 | Quote: 
 You stick with your conspiracy theories that evil security researchers are out to get the good guy developers. | |
|   |   | 
|  11-04-2011, 09:09 AM | #10 | 
| Well trained by Cats            Posts: 31,241 Karma: 61360164 Join Date: Aug 2009 Location: The Central Coast of California Device: Kobo Libra2,Kobo Aura2v1, K4NT(Fixed: New Bat.), Galaxy Tab A | 
			
			@Splat I am all for a 'Heads Up' about potential problems, but you are taking it over the top.  You join MR in 2006, make 90+ posts between then and now and tell Kovid that he must drop everything and secure the Linux distribution for maybe the 1 in 5000+ of those users that just might be running on a system that that possibility could exist  I think Kovid's list should forewarn those few affected users that the choice of system to run Calibre on should be considered. | 
|   |   | 
|  11-04-2011, 09:18 AM | #11 | |
| Grand Sorcerer            Posts: 28,868 Karma: 207000000 Join Date: Jan 2010 Device: Nexus 7, Kindle Fire HD | Quote: 
 | |
|   |   | 
|  11-04-2011, 09:26 AM | #12 | |
| Zealot     Posts: 106 Karma: 348 Join Date: Dec 2006 | Quote: 
 I'm not demanding he drop everything. There was a bug report, it'd be nice if instead of ignoring the messengers that it gets addressed properly. If he needs the time to do it by all means take it, just don't trivialize it, let those who may be affected, know and give steps to mitigate until fixed. Perfectly workable and acceptable (at least from my point of view) and has already been suggested in the bug thread. | |
|   |   | 
|  11-04-2011, 10:12 AM | #13 | ||
| Wizard            Posts: 4,004 Karma: 177841 Join Date: Dec 2009 Device: WinMo: IPAQ; Android: HTC HD2, Archos 7o; Java:Gravity T | 
			
			The Calibre Wikipedia entry has a reference to this issue. I'm a fan of both Calibre and Wikipedia. I'd like Wikipedia to be correct. It states: Quote: 
 It also fails to note that the exploits apply only when the Linux OS fails to supply a more secure method of mounting which calibre tries to use first: udisks. It does not mention that exploits have been closed and Kovid's response to a possible updated exploit is: Quote: 
 | ||
|   |   | 
|  11-04-2011, 10:46 AM | #14 | 
| Linux User            Posts: 2,282 Karma: 6123806 Join Date: Sep 2010 Location: Heidelberg, Germany Device: none | 
			
			Thanks for the info. I removed the suid bit of the mount helper. I'll also make sure it stays that way on my system. Giving a binary suid-root is dangerous and should be avoided at all costs. Removing it entirely seems the best option to me.
		 | 
|   |   | 
|  11-04-2011, 11:07 AM | #15 | |
| Wizard            Posts: 4,338 Karma: 4000000 Join Date: Oct 2008 Location: Paris Device: Cybooks; Sony PRS-T1 | Quote: 
  Well, I, as linux certainly care. it's tipical about there : hey why should kovid spend time on function X, i don't want / need it, so it's useless. It seams to me that the exploit can only be used by someone actually in front of the computer. Fixing it would be nice, but not if it means breaking thing for us linux users. (No one i can't trust will touch my computer anyway.) Not that I care about that particular issue, as i don't use calibre. Last edited by EowynCarter; 11-04-2011 at 11:12 AM. | |
|   |   | 
|  | 
| 
 | 
|  Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post | 
| Calibre loads books into Root of SD card, help please | vitalichka | Library Management | 4 | 03-06-2011 06:47 PM | 
| Calibre on linux: root password for unmounting? | mhomann | Devices | 14 | 02-05-2011 11:26 AM | 
| Adobe Reader 9 new exploit in the wild | doctorow | News | 2 | 02-20-2009 03:38 PM | 
| iLiad Huge exploit found in 2.7 | arivero | iRex Developer's Corner | 86 | 11-26-2006 04:49 PM | 
| Serious exploit in Greasemonkey 0.4 | Alexander Turcic | Lounge | 2 | 07-19-2005 04:59 AM |