Calibrating Calibre 1.0 [LWN.net]

Calibrating Calibre 1.0

Posted Aug 28, 2013 4:07 UTC (Wed) by drag (subscriber, #31333)
Parent article: Calibrating Calibre 1.0

I haven't looked at Calibre in a couple years. It totally scared me away from it due to the author introducing trivial local root exploits into any Linux system that installed it.

http://lwn.net/Articles/465311/
http://1337day.com/exploit/16889

I am still too scared to install it, unfortunately. Which is a shame because it does actually tend to do a decent job at managing ebooks if I remembered correctly.

(Log in to post comments)

Calibrating Calibre 1.0

Posted Aug 28, 2013 7:47 UTC (Wed) by fb (subscriber, #53265) [Link]

Thanks for pointing this out. I mean it, truly appreciated.

I used Calibre for a while some years ago, and probably would install it again without much thought should I need to perform conversions between e-book formats.

Calibrating Calibre 1.0

Posted Aug 28, 2013 8:20 UTC (Wed) by Trou.fr (subscriber, #26289) [Link]

Note that Debian replaces the setuid helper with a custom component relying on other (standard) suid programs : http://bazaar.launchpad.net/~calibre-packagers/calibre/de...

Calibrating Calibre 1.0

Posted Aug 28, 2013 8:34 UTC (Wed) by TomH (subscriber, #56149) [Link]

Fedora also replaces it with a non-setuid dummy script: http://pkgs.fedoraproject.org/cgit/calibre.git/tree/calib...

Calibrating Calibre 1.0

Posted Aug 28, 2013 9:02 UTC (Wed) by rsidd (subscriber, #2582) [Link]

Thanks for that.

Calibrating Calibre 1.0

Posted Aug 30, 2013 17:34 UTC (Fri) by nix (subscriber, #2304) [Link]

The setuid helper has not existed since Nov 5 2011. It's udisks all the way now (which is also pretty horrible software, IMNSHO).