Using calibre safely?

Kevin O'Gorman kogorman at gmail.com
Wed Nov 30 22:39:17 UTC 2011


On Tue, Nov 29, 2011 at 11:46 AM, Shaun ONeil <shaun at oneil.me.uk> wrote:
> Hi Kevin,
>
> On 29 Nov 2011, at 18:09, Kevin O'Gorman wrote:
>
>> For a few months now I've been using calibre to access the 100-or-so
>> ebooks that I have (mostly DRM-free PDFs).
>> I just became aware of a vulnerability built in to calibre.
>> I am not enormously worried because this is a one-user system, and the
>> vulnerability seems to involve privilege
>> escalation by authorized users.
>
> The escalation that made the rounds lately does *not* affect Ubuntu (since 10.10), or most other distros.  The 'helper' was replaced by the packager by something which better integrated with the methods Ubuntu uses for mounting disks - see https://bugs.launchpad.net/calibre/+bug/885027/comments/30
>
>> On the other hand, it appears that my calibre is listening on a TCP
>> port.  It's on a laptop behind a NAT router at
>> the moment, so I'm still safe, but because I'd like to migrate to
>> another system that is exposed to the net, I'd like
>> it to stop network access because I'm not networking any of these
>> books.  Not intentionally, anyway.
>
> That one I wasn't expecting.  Do you have Sharing enabled?  (Preferences -> Sharing -> 'Sharing over the net')  I believe that's the only place mine's listening.

AFAICT I'm not sharing.  I've not activated it either through 'Sharing
over the net' nor the separate 'Connect/share' selections.


-- 
Kevin O'Gorman, PhD




More information about the ubuntu-users mailing list