Reviewing the upstream issue a little more, I stumbled upon this comment
from upstream:
https://bugs.launchpad.net/calibre/+bug/1753870/comments/7
Quote:
> For export data, it is pointless, since, as I said export data
> contains the entire calibre config, which in turn contains lots of
> executable code including plugins. Therefore, changing the
> conversion_options to not use pickle, does not actually achieve
> anything, since a malicious actor can simply modify some of the other
> executable code in the export instead.
In other words, even if we fix bookmarks import to not use .pickle file
format, the import will still load configuration files, which are Python
executables.
This means that the vulnerability is still present, in a different form:
instead of injecting arbitrary code in bookmark exports, an attacker
would simply modify the configuration files to execute arbitrary files.
Upstream's response to this is to alert the user:
> This has been mitigated by displaying a warning to the user informing
> them of that when importing exported data. There isn't anything more
> that can be done there, since exported data will always contain
> executable code, so if it is tampered with, it is game over.
So I am wondering whether simply changing the serialization format is
the right approach after all: exported data still has executable code
and the patch is not sufficient to make arbitrary imports safe.
Maybe we should just make sure that imports have a popup warning as they
now do in the latest upstream. Of course this leads to warning fatigue
and is not a proper security policy, but it's upstream's choice at this
stage.
Do we have such a warning in wheezy already?
A.
--
We will create a civilization of the Mind in Cyberspace. May it be
more humane and fair than the world your governments have made
before.
- John Perry Barlow