https://bugs.launchpad.net/calibre/ bug/885027
Для Ъ: он доказывает, что дыра — это не дыра, а фича. Дыра (а вернее, дыры) — в суидном бинарнике, который ставит эта сраная Calibre чтобы поиметь возможность что-то там монтировать. В итоге кто угодно может монтировать (и отмонтировать) что угодно, создавать папки от рута, запускать от рута что угодно.
Just so this is perfectly clear: what's happening in this bug report right now is a perfect example of how *not* to do security response. When faced with two people who clearly know a few things about secure coding, rather than taking their advice and actually fixing the root cause of the problem (or abandon it as a hopeless situation, which is probably the more appropriate response), you've chosen to waste our time by demanding that we write weaponized exploits to exploit what most people already know to be exploitable. To top it off, when shown repeatedly how your half-baked «fixes» don't actually fix anything, rather than taking our advice you just add another small hurdle that can be trivially bypassed. It would be sad if it weren't so funny.