Using calibre safely?
Shaun ONeil
shaun at oneil.me.uk
Tue Nov 29 19:46:44 UTC 2011
Hi Kevin,
On 29 Nov 2011, at 18:09, Kevin O'Gorman wrote:
> For a few months now I've been using calibre to access the 100-or-so
> ebooks that I have (mostly DRM-free PDFs).
> I just became aware of a vulnerability built in to calibre.
> I am not enormously worried because this is a one-user system, and the
> vulnerability seems to involve privilege
> escalation by authorized users.
The escalation that made the rounds lately does *not* affect Ubuntu (since 10.10), or most other distros. The 'helper' was replaced by the packager with something which better integrated with the methods Ubuntu uses for mounting disks - see https://bugs.launchpad.net/calibre/+bug/885027/comments/30
> On the other hand, it appears that my calibre is listening on a TCP
> port. It's on a laptop behind a NAT router at
> the moment, so I'm still safe, but because I'd like to migrate to
> another system that is exposed to the net, I'd like
> it to stop network access because I'm not networking any of these
> books. Not intentionally, anyway.
That one I wasn't expecting. Do you have Sharing enabled? (Preferences -> Sharing -> 'Sharing over the net') I believe that's the only place mine's listening.
> I'm open to advice and suggestions, including replacing calibre with
> something else, but I have to end up with access to
> my library and reasonable security.
>
> --
> Kevin O'Gorman, PhD
Regards,
Shaun ONeil