Major Security Hole In Samsung Linux Drivers
GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."
This sounds like a cheap hack. There is no need for these things to be setuid root, not on the program level. Sounds like someone is used to programming Windows drivers...
I'm tempted to infer something sinister about this, but then I remember the old adage "never attribute to malice what can be explained by stupidity." It keeps your blood pressure nice and low.
~Eien no Inori wo Sasagete~ Searching for my Hatsumi...
It seems extremely dangerous that a user can install something like that, with that kind of effects. Very insecure indeed. Can anyone explain why in the whole world something like this could ever happen, or is in fact an exploit/virus/worm?
If I'm not mistaken, this is how Windows got as bad as it is.
This particular incident cannot be protested enough. If this sort of thing becomes common, End-user Linux will become as corrupted as Windows.
Nothing but the programs that absolutely have to should be run as root.
Is there an English (not some auto-translated forum) site covering this? I think it's talking about this suid run printer driver?
Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
A big "Thank You!" to Samsung for demonstrating that proprietary code is inherently less secure than open source, if only because you can (could) get away with insecure code.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Am I imagining things, or are systems that are supposed to be more secure than others getting caught with their pants down a lot more lately?
Maybe all the boasting has got people feeling too comfortable, letting their guard down.
Wanna fight ? Bend over, stick your head up your ass, and fight for air.
"Major Security Hole In Samsung Linux Drivers"
Something possibly bad about Linux! I don't have time to analyze what happened, so I'll just shoot some of my best knee-jerk responses:
1. Because they're not open source! You see how only binary stuff is bad in Linux!
2. Samsung did it to undermine Linux!
3. Good, it shows someone cares and possibly uses Samsung's Linux drivers!
All of the above proves conclusively how great Linux is.
What were they trying to do that made them think OpenOffice needs to be setuid:root?
Windows ME(tm)(r) Security(tm)(r)(c)(*) now available on Linux, brought to you by Samsung(tm)(r)
The reason is most likely that this piece of crap driver tries to do ioperm calls on the parport (for USB printers!) and needs root for that. There is a howto somewhere in the web how to NOP out this crap from the binary. And never use a vendor-installer of course ..
I find it very disappointing anyway that anything you install on ubuntu is installed as root (at least that is the default way of doing it). Wouldn't it be übercool to be able to install applications as the local user, and drivers maybe as the "driver" user? I still think The Zero Install system is a nice and secure way to install software, and maybe one day we can extend this to install drivers as well, so that root access will almost never be required (a bit like Plan 9, or what SE Linux is trying to do).
I just don't trust anything that bleeds for five days and doesn't die.
quoi le baise? (senseless translation of 'wtf')
Does anyone have _any_ idea why they did this?
Fortunately, I don't use the drivers supplied by Samsung for my printer. They are crap. The foomatic one works just fine, though.
Please correct me if I got my facts wrong.
No user is going to be able to install such a dangerous "driver" without root access in the first place -- anyone can build a program, intentionally or accidentally, that compromises a system when run/installed as root.
One buddy posted on Ubuntu forums:
http://ubuntuforums.org/showthread.php?t=500702
Math is beautiful... e^(pi*i)+1=0
linux has failed yet again. the genie is out of the bottle.
For those who can't read French, the Ubuntu forum is just a posting of a link to another forum where it was noticed. The posting, along with the interesting source can be found at http://linuxfr.org/forums/15/22562.html The interesting parts are:
The script copies the affected application's executable to one with a .bin extension, and replaces it with an suid wrapper script. This is undoable, but god, what a mess!
Okay, I couldn't overcome the lameness filter, go to the source to see for yourselves...
but this was the first time I heard of Samsung having native Linux drivers so as long as they stop screwing up people's systems they might get some good publicity out of this ironically though I'm not sure if they deserve it.
Yeah, that's the theory - in practice I quite often have to start xsane as root because - for whatever reason - the scanner device security is set to:
brw-rw---- root disk
Unix security is just not up to today's desktop hardware with scanners, usb stick and whatever else. The inflexible root-centred security system is no good for hot-plugin.
I like this little trivia: http://en.wikipedia.org/wiki/Unix#1970s - Multics - multi-user-os - unics - uni-user-os. And it is still that way - root is the only true user the rest are just cripple.
Martin
...I would not call this a mere bug. This was an intentional attempt to create a backdoor. Come on, who believes that a very specific driver of all things changes the permissions of a very unspecific program like OpenOffice? Something like that does not happen by accident.
Ok, I might be wrong with my accusation, but in this case I'd say I don't have to prove it, but Samsung has to prove its innocence by making public in details how exactly it came to this 'bug'.
wrap_setuid_third_party_application xscanimage
wrap_setuid_ooo_application soffice
wrap_setuid_ooo_application swriter
wrap_setuid_ooo_application simpress
wrap_setuid_ooo_application scalc
And the content of the function for suid-making functions etc. So I have to disagree with you there.
I also agree with you though that linux distros should be automatically building in some sort of tripwire type setup to protect important system segments from scripts that are like this.
Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
Only when the little bugger of an hotplug-manager changes the user id for the scanner device to the logged on user. Which still only gives one user access to the scanner. Have my Wife remote logged in and only one of us can use the scanner.
Unix security is just flawed and the flaw is called "root".
Martin
No, the problem comes from the device driver for scanner devices which are raw scsi devices and therefore have some very restrictive security set.
The hot plug manager should change the user id to the logged in user - but that is not reliable. Personal experience in 50% of cases it stays on root so only root can scan.
And even if the user is changed - have 2nd user logged in and only one can scan.
Martin
Probably, when you print using those applications, it starts a portion of the printer driver (userspace portions, maybe?) which somehow required root to run properly. Classic problem which *might* be avoided in most cases.
Don't know about everyone else, but I tagged this: 'proprietarysoftwaresucks'
A fair surmisal of Samsung's almighty cock-up methinks. And remember: if they'd have freed the source in the first place, none of this would have ever happened.
After I installed the unified drivers for my Samsung printer/scanner, I had the unwelcome surprise of discovering that OpenOffice now opens as root, and not only that but did not ask for my password!
As a result, all documents I created were saved in the
I attempted to re-install
The beast (the problem) is occurring under Ubuntu 7.04 under Gnome.
Thank You.
Bonjour,
Après avoir installé les drivers unifiés de Samsung pour gérer mon imprimante scanner, j'ai eu la très mauvaise surprise de constater que la suite openoffice s'ouvrait en root et ceci sans que me soit demandé le moindre mot de passe !!!
Du coup, les documents que je crée s'enregistrent dans le dossier
A tout hasard j'ai réinitialisé le
La bête est sous Ubuntu 7.04 et gnome. En attendant vote aide, je cherche et tente de résister au désespoir le plus sombre !
Merci
No, you are wrong and you are paranoid. Take off the tinfoil hat for a second.
You have a company, that has no experience writing drivers for UNIX operating systems, an operating system whose printing subsystem absolutely blows in all respects, and an office suite that also blows in all respects. The goal is to mix them all together and try to get something that works every time with no intervention from the user.
Guess what, make the program run as root because everything else on the system varies between distributions and you can't rely on a single thing (except the root account working), there's no good way to handle it. It's a dirty dirty dirty hack, but it works. Oh, except that it breaks the profiles of people and OO defaults to /root.
It's totally the wrong solution, but it's definitely not malicious.
The proprietary driver fiasco has gone on far too long. It's time to stand up and say Enough Already!
Let's all get writing to our elected representatives and demand that hardware manufacturers be obliged, by law, to provide detailed specifications which would enable a sufficiently-competent programmer to write a driver program enabling any of the features of their product to be used on any sufficiently-capable computer.
Failure to do this places the rightful owners of hardware at a disadvantage. They can only use it in conjunction with certain Operating Systems. They are restricted to using it as the manufacturer thought fit. If a driver has a programming flaw, the user's computer can be compromised. If the Operating System is updated in such a way as the driver no longer works, the user is at the mercy of the manufacturer to release a new version of the driver -- or else the hardware is unusable (or at best, usable only through a bodge involving multi-booting: at the boot prompt, type linux to be able to use the Internet, or linuxOLD to be able to print).
It's unfortunate, but this measure really needs to be brought in through legislation, because manufacturers will not do it voluntarily. There are two reasons: (1) they are paranoid of competitors {despite the fact that their competitors are busy reverse-engineering their products in secret while they reverse-engineer the competitors' products} and (2) they habitually lie through their back teeth in their advertising literature about the capabilities of their hardware, and such lies would be exposed with disclosure (e.g. a camera with a 2 megapixel image sensor, spitting out JPEG images interpolated up to 6 megapixels).
Je fume. Tu fumes. Nous fûmes!
Why did you say it again?
You can see with the XServer how to do it: the server is run as root, the direct hardware DRI access is set to "root:video" and any user who is part of the "Video" group can run DRI calls.
I deal with this kind of crap in embedded Linux installs daily. Managers and marketoids want to do all sorts of insanely stupid things under the guise of "making it easy for the customer to configure the device within a maximum of 5 minutes with no technical knowledge", etc.
In the mean time the fallout from all the insane things that "need" to be done is gaping security holes all over the place and a bunch of manager types saying 'but it doesn't matter, nobody will ever want to hack us'.
For the record I used to work for a company which built Internet-accessible security products. Whenever there was a breach it was always my fault even though I told them that enabling a particular service to the greater world was risky and would require constant attention by a qualified Linux admin and also require a regular mandatory update schedule and code reviews to continue some level of security. They never wanted to do the regular updates or code reviews because it was so costly and updates inconvenience the customer (I'm sure less than a r00ted box, but explain that to marketoids).
Suffice to say I quit that job and am starting another with a company that actually cares about security over customer friendliness (and cares about their employees at least as much as their profit margin).
I drink to make other people interesting!
Printer drivers need to be installed with world execute permissions so that all users on the system can access the printer. The Samsung hacker's method of doing this, converting them to 4755 bin files and setting the original name as a link to the bin files, is one way of doing that -- IF his "unwrap" function had worked properly. That's the bug. Listed in the posting are files whose permissions need to be modified after the driver is installed.
Running with Linux for over 20 years!
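An added example, not part of the thread or of Samsung's installer: a POSIX shell audit for the layout the comments describe, where an application sits next to a copy named with a .bin extension and one of the two is setuid. The function names and the baseline-file approach are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit directories for the wrapper layout described in the
# thread (NAME next to NAME.bin, with the setuid bit on either of them) and
# for setuid files that were not present in a previously saved baseline.

# has_setuid FILE: succeeds if FILE is a regular file (symlinks are
# followed) with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# describe FILE: print "mode owner" of FILE, following symlinks.
# ls is used because stat(1) options differ between systems.
describe() {
    ls -ldL "$1" | awk '{print $1 " " $3}'
}

# list_setuid DIR...: sorted list of every setuid regular file under DIR.
list_setuid() {
    find "$@" -type f -perm -4000 2>/dev/null | sort
}

# new_setuid BASELINE DIR...: setuid files present now that are not listed
# in BASELINE (a file written earlier with list_setuid, e.g. before running
# a vendor installer).
new_setuid() {
    baseline=$1
    shift
    list_setuid "$@" | grep -Fxv -f "$baseline" || true
}

# find_suid_wrappers DIR...: report each NAME / NAME.bin pair in which at
# least one half is setuid.
find_suid_wrappers() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for bin in "$dir"/*.bin; do
            [ -e "$bin" ] || continue      # glob matched nothing
            orig=${bin%.bin}
            [ -e "$orig" ] || continue     # a lone *.bin is not the pattern
            if has_setuid "$orig" || has_setuid "$bin"; then
                printf 'SUSPECT %s [%s] + %s [%s]\n' \
                    "$orig" "$(describe "$orig")" \
                    "$bin" "$(describe "$bin")"
            fi
        done
    done
}

# When run with directory arguments, audit them.
if [ "$#" -gt 0 ]; then
    find_suid_wrappers "$@"
fi
```

Saving the output of list_setuid before an install and running new_setuid against it afterwards shows exactly which files gained the bit, including ones that do not follow the .bin naming.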
I have a Samsung ML-2251N printer and the installer also replaces the standard lpr command by symlinking it to a script called slpr, which brings up a windows-like print GUI when you try to print things. This is highly annoying as it doesn't behave exactly like lpr and requires a GUI. It may also be SUID as well.
You can remove all of the SUID crap and point /usr/bin/lpr back to the right place. The proprietary driver still works and is much more secure. It prints faster with the Samsung driver than with the open source PCL driver. One day I might add true PostScript capabilities to it to try to work around both issues.
Keep in mind that the printer driver's control panel and other stuff that Samsung installs is also SUID. The SUID garbage happens even when installing a regular printer without the scanning capabilities.
I like that they at least tried to write a Linux driver, which is many steps further than a lot of companies, but it does need to stop stomping all over the system like a Windows application would.
Any printer that requires more than a PPD and CUPS to operate is suspect.
It can join the good company of General Protection Fault, or Kernel Panic
Tsunami -- You can't bring a good wave down!
Get a decent distro that uses udev to set the permissions of device files when they are created, as detailed http://it.slashdot.org/comments.pl?sid=251801&cid=19899587
your data is worthless. It could be trojaned too. So you need to install all your OS, patch it and retrieve all your data.
If all you can write to is $HOME then you can trust "ls" isn't trojaned and you need to retrieve all your data.
So is it better to
a) reinstall your OS patch and retrieve all your data
or
b) retrieve all your data
?
You keep banging on about this "problem" when solving your complaint doesn't help the situation. You may be right in your complaint but it doesn't have an effect on the issue you claim the complaint is about.
You think $HOME needs protection. You complain that only non-$HOME directories are protected. How does not protecting non-$HOME directories help your $HOME directory be safer?
"Slashdot requires you to wait between each successful posting of a comment to allow everyone a fair chance at posting a comment.
It's been 17 minutes since you last successfully posted a comment"
Samsung makes printers? That people actually buy?
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
My somewhat rambling notes on this subject are on the internet at http://donaldkenney.110mb.com/LPRINTER.HTM. I plan to clean them up and correct the consistent misspelling of kubuntu ... someday. I posted the notes because I couldn't find any explanation anywhere of the Samsung message 'unable to find a suitable printer' or any thoughts on what to do about it other than to return the printer to the store.
You can't see ANYTHING from a car, You've got to get out of the goddamned contraption and walk...Edward Abbey
I tried to read myself into it but it is so complicated. So somehow I understand Samsung in using the suid sledge hammer to get it working.
Why not set the scanner device to be owned by a group consisting of yourself and your wife? Then you could both use it, and neither of you would need to be root, and you wouldn't need any setuid binaries.
Indeed - that's the way I did it before plug-and-play arrived on Linux. However - the old system had a problem as well: With each system update and sometimes in between the access right in
Martin
This is only an issue because Windows has moronised people into expecting that they must download an unverified, untrusted executable from a third party web site and execute it with full system privileges.
Thanks, Microsoft!
Stick with your distribution's official package archive and this simply won't happen.
The bug is that the driver actually tries to UN-suid the applications:
unwrap_setuid_third_party_application xsane
unwrap_setuid_third_party_application xscanimage
wrap_setuid_ooo_application soffice un
wrap_setuid_ooo_application swriter un
wrap_setuid_ooo_application simpress un
wrap_setuid_ooo_application scalc un
But they screwed up the oo unwrap part. The "un" should be BEFORE the "wrap" on those lines. It suids the apps temporarily, and improperly un-suids them.
There is a fix for this flaw. It's called 'groups.'
No the fix is called:
SET Process
Only that is a VMS command and not available on unix.
Apart from that: I am using SuSE which changes user id's in
Martin
Never attribute to malice that which can be adequately explained by stupidity.
Granted, that means attributing a pretty stunning level of stupidity to Samsung's driver engineers, but no more than I've seen from some drivers in Windows.
This was an intentional attempt to create a backdoor.
So when this same type of thing happens in Windows it's that Windows coders are inept but when the same happens in Linux it's because of a conspiracy? Please.
The Linux community better be damn well ready for when this becomes commonplace as more people use Linux. I don't expect it as much from real vendors but it's going to happen more from the likes of amateur coders and malware producers.
Too many have fallen prey to the myth that Linux isn't going to have some of the same issues that Windows has with these areas in software. This incident alone shows that Linux will not be immune to those who don't care enough, don't know enough or are willing enough to sacrifice system security for whatever reasons.
Dedicated Cthulhu Cultist since 4523 BC.
I think the permissions of OpenOffice.org are changed because there is a scanner interface in Writer, Draw, and Impress (Insert --> Picture --> Scan). I suppose that the Samsung driver author, who seems not to understand *NIX group permissions, wanted users to be able to scan directly into OOo.
Martin
scanner run as scanner:scanner. Users wanting to address the scanner must be in the scanner group, but there is no login for user scanner.
How doesn't that solve the problem?
I don't have a Samsung printer/scanner. My point is that I can almost understand Samsung because of all the trouble I had in the past 8 years or so that I use a scanner (epson btw) with Linux.
There were always two problem zones with sane:
1) Kernel module (scsi/usb/sane) not loaded - solution: reboot/reconfigure.
2) Access right not set - solution "su -l".
Yes, it got better over time - and it almost works now (at least for the user logged on to tty7).
Martin
It suids the apps temporarily, and improperly un-suids them.
OK, I read this message, and I can't understand why on earth any software would need to, even temporarily, set the setuid bit on anyone else's software. What's the purpose of this action?
I wouldn't be too surprised if something like this was a management decision to start with. Someone figured out they'd save some money on tech support calls, for example, if the users don't have to keep calling with stuff like "why does this ask for a password when I want to change the printer?" and "does your driver have a virus? my grandson said I should beware stuff that asks for a password" (for bonus points: "... and he didn't tell me the password anyway. Can I still use the printer?") and the like. Don't underestimate the kind of dumb decisions that get taken in the name of cost cutting.
And that includes the fact that it probably wasn't a programmer/architect that made the installer anyway. The drive for cost cutting includes the idea of giving each job to the lowest wage monkey who can possibly do it. So it's not entirely unheard of to offload to the cheapest interns or even to underused non-technical members of the team stuff like making an installer or writing the test cases.
In which case probably some under-paid and under-skilled monkey got the honour of figuring out how to install that stuff in Linux. These aren't typically the kind of guys you'd ask to do a security analysis and design, and they're not given ample times and funds for research either. So he'll google if he has a problem (like how to make some nice config dialog modify a file that was installed as writable by root only), and take the first thing that sorta looks like a solution.
Plus a few other such fun ways to fuck up in the name of keeping the costs down.
Mind you, I'm not saying this has to be what happened at Samsung. Just saying that I've seen that and worse happening in other places, so I wouldn't be too surprised.
A polar bear is a cartesian bear after a coordinate transform.
>
> La bête est sous Ubuntu 7.04 et gnome
>
Actually the beast (la bête) does not refer to the bug but to the computer. A better translation would thus be:
"The beast (computer) is under Ubuntu 7.04 and Gnome"
Now of course, the even better translation would be:
"The beast is running Ubuntu 7.04 and Gnome"
but it would not stay close to the original French text...
Yeah, bash me! I'm French!
AC
that's the kind of post slashdot usually gets when a windows bug is reported. so here goes...
HAHAHAHA you lame ass kids should learn to use a real O/S like Vista.
- converts everything to postscript, if not already (ghostscript)
- convert postscript into an intermediate standard CMYK format (ghostscript again)
- convert the intermediate format into a proprietary binary blob
- write the blob to the printer device
Generating the binary blob uses a binary executable that is included with the driver package and is the only "secret sauce". Everything else is standard CUPS and related programs. The SUID part comes from the Windowsification of the interface. They replace "lpr" with one that brings up a Windows-like printer config GUI. In fact, you can't print with it unless you're running X. The GUI writes the user's selections to the PPD in
In short order I replaced the 510 with a CLP-550 which supports postscript natively. I didn't bother with the Samsung driver, but when I found that the 550 didn't have enough memory to print a full-page graphic I extracted the needed components and ran the filter chain manually.
It's a shame that companies just aren't bothering any more. Samsung is certainly one company that doesn't "get" linux but at one point it wasn't doing too bad. The ML-4500 I have even has a little Tux on the box and some CUPS PPD's on the CD.
As another post says, any printer that needs much more than a PPD is one to steer clear of anyway. It does bug me especially with printers... there are buckets of supported printing protocols that work cross-platform and even cross-printer (Postscript, PCL, for example). Yeah, some of them were made by a particular company foisting their own protocol on people but for the most part they are documented, complete, simple to support and cross-platform.
My ML-4500 is an odd device - it's not Postscript, not PCL, it even needs a tweak to the PPD supplied on most websites (including what was linuxprinting.org) or the CD to strip out extraneous page feeds at the end of the job. But there's code, PPD's and some hint that they were trying to do stuff properly for the Linux user of the time (as an aside, the driver on the CD mentions Linux 2.2 - they weren't that many companies supporting Linux printing back then). And it works. Very well. Even over a NetportExpress, with simultaneous Linux/Windows users randomly printing to it.
And the toners for the ML-4500 are combined toner/drum but they come with a little cap that you pop off, dump some generic toner in and carry on perfectly - my first toner/drum lasted 5 years, approximately 20 refills (totalling about $30 in all) and then started to fade a little bit in certain areas (I kept the toner/drum and use it as my emergency backup). Brand new toner/drum on eBay - about $30. That's already on its third refill.
It's almost as if there was one man on the design team for that model who had brains and mostly got his way - but at critical points, hurdles were introduced by others (e.g. proprietary protocol, combined toner/drum) and he tried his best to overcome them (by making an OS driver for it, by designing an easy-to-use toner cap that you could refill with just about any toner you had laying around etc.).
If all you see is "security flaw ... something something ... Linux", you've missed an important chunk of the story. The problem is that Samsung's drivers were poorly coded and completely ignored the built in security mechanisms of a Linux system.
You still have to be root to install their drivers, so no this is not a problem with Linux's security.
Another important lesson we can draw from this is that the drivers in question are not open source. Sure, people get tired of open source users constantly griping "xxxx isn't open source! Crucify! Crucify!" but then something like this comes along and proves them right: if we had access to the source, we would have seen the security problem, fixed it, and shipped the changes back to Samsung free of charge. Samsung gets free development time, Samsung product users get better security. The only down is that Slashdot doesn't get to print a story about "security flaw ... something something ... Linux"
/rant on
//rant off
C'mon! Linux or Mac or windoze or whatever, you are NOT going to be allowed to deploy any actual or near-mainstream systems like operating systems and crypto without SOME men-in-black-like visit from some government agencies looking for quarterly crypto keys. They'll arrive in suits, with brief cases and dead-serious looks. Or, they'll fake their appearances or get them on-line. One way or another, the governments and numerous programmers are GOING to talk.
Security is an illusion unless YOU have no rosy filters blocking your vision. Now, how can I say this? Well, some years ago, I contracted at Lotus cc:Mail. I was returning from a bathroom trip, saw some guys in black suits, shades and holding brief cases. In the hall I joked to a managerial level person, "Who are THEY? Secret Service looking for quarterly security keys?" He shot back, "Don't EVER say that." He took me aside and told me that's EXACTLY what they are there for.
So, if Lotus did it in 1997/1998, you can bet Mshaft does, and so does McAfee. Why do you think they won't comment on whether or not they comply with government court orders? Most people are sheeple, and most of us aren't savvy or patient or disciplined to use even the most BASIC of encryption tools, wallets, etc.
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Agreed, it's not likely malice, but it is one of the more aggressively stupid moves I have seen. All they had to do is chmod o+rw the scanner device. (or just tell the user and let them deal with it.).
They could have even been really clever and given a SANE developer a brain dump of the device specs and had a really nice driver written by a Linux expert for FREE!
Otherwise, they could have gotten tons of free advice from SANE developers on writing a suitable driver module.
If truly desperate, they could have even written a daemon to talk to the scanner and made THAT and only that suid root. If they static linked it, they wouldn't have to rely on anything at all that differs from distro to distro.
"Don't care enough, don't know enough". You make it sound as if a user was at fault here.
My entire post deals with the coders, not the users.
This is a bogus argument, which simply is not applicable in this case. If Linux gets more users, the percentage of those who install and execute everything they find will grow, but this has nothing to do with dangerous commercial, binary only software packages.
Either you will admit that this is a strawman argument or you will have to absolve anyone who produces shoddy code that leaves the system open to outside influences in the future. Closed source or open source should not make a difference with the security of a package and it certainly has no difference in the end result.
Maybe too many, but not those who count.
Oh, so you're saying that if a coder produces secure code and admins have secure systems using the Windows platform that the problems lay squarely on the shoulders of those who don't? That's fine but if that's the terms of how the OS will be judged in the face of malware and security vulnerabilities then we can simply scream "incompetence" at every Windows admin who didn't take care of business and left their system open to attack. If that's the way this is to be seen then, by your own standards, every OS is secure and well written. It's only the policies of the administration and users that are at fault.
Dedicated Cthulhu Cultist since 4523 BC.
Uh, that is not a security hole. To call this a security hole is like calling a nuclear weapon an open door. Well yes, quite a few doorways will stay open when a nuke goes up anywhere near them.
And before the spelling police get to me, yeah, I misspelled Thompson's name.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
That's what I tended to think as well, but we have to remember that this guy is working with people that wrote a kernel module and a function library (which is freaky, considering that we couldn't explore these binaries yet). My guess is that the guilty developer is either a trainee, or more likely a Windows developer that was pissed off being asked to write a Linux installer.
Unfortunately, more and more users seem to adopt the same schema : "how can I easily get root so I can work in peace". I've been asked once to tell how one can remove the root password on his machine. The guy knew that it was silly but we figured out that he actually was running gproftpd frequently, and was bored having to enter his password each time ! So he was about to run a FTP server on a machine with no password to the root account. Well ...
We had to explain that gproftpd doesn't forcibly need to be run as root, he doesn't forcibly need gproftpd to edit the proftpd config file, and that in fact, even the FTP daemon doesn't require to be run as root neither. The port 21 could eventually be claimed by xinetd.
Sadly, as a user reaches the limits of his own default environment, he usually assumes that the only way to circumvent the problem is to ascend to a user with an other level of power.
It's possible -- not saying it's ever happened, but it could -- for a truly evil corporation knowingly to release defective software under the assumption that nobody would ever find out about it.
OK, you don't have to. I'll say it for you. And name the corporation.
Sony knowingly released defective software under the assumption that nobody would ever find out about it. When it was discovered an official spokesman said that it didn't matter because most people didn't know what a rootkit was.
I think we've pushed this "anyone can grow up to be president" thing too far.
Thanks, Samsung! Thanks for elegantly proving that binary drivers need to be replaced with open source ones.
Or any other OS that allows a user to sudo any command. Honestly, that idea was a bad idea. Sudo is great for some things, but it needs to be kept in check. I guess that's what visudo is for, but how many of the people that get pitched Ubuntu know about visudo and limiting sudo powers?
The problem is entirely in the installer, not the driver.
After I bought an SCX-4100 a couple of years ago, I ran the installer. I saw right away that most of what the installer did was worthless. It installed some GUI that was simply inferior to CUPS+KDE. That made me mad, so I undid the effects of the installer and dissected it until I figured out what actually needed to be installed to just print and scan. The list of files required turns out to be pretty simple, as long as you connect via USB instead of the parallel port:
- /usr/lib/cups/backend/mfp
- /usr/lib/cups/filter/rastertosamsung{pcl,spl,splc}
- /usr/lib/libmfp.so*
- /usr/share/ppd/Samsung/scx4100.ppd.gz
- /usr/lib/sane/libsane-smfp.so*
- /etc/sane.d/smfp.conf
You can get all of these files out of the driver package. None of them need to be installed suid root or anything out of the ordinary. All you need is read/write access to /dev/usb/lp0 (provided by the usblp kernel module), which you can usually gain by being a member of group "lp" or whatever your distribution calls it. Also, you need a line in /etc/sane.d/dll.conf that contains "smfp" so that sane will look for libsane-smfp.so.
Use the normal CUPS and SANE configuration steps to set it up. If you're lucky, you can use http://localhost:631/ , unless your distribution has disabled that method of configuration.
I blogged about this two years ago:
http://hathawaymix.org/Weblog/2005-07-15
Note that many of the details have changed. This post is more correct.
Even though I've avoided the setuid security hole by installing by hand, I'm still very irritated that I have to use proprietary binaries with who knows how many security holes. Next time I'm not going to settle for a proprietary driver. Samsung advertised Linux support and that's half the reason I bought the printer, but I didn't realize the driver was proprietary until I already had the printer.
Samsung, if you read this, listen up: I am happy with the speed and reliability of this printer (I've gone through 5-6 reams of paper and only 1 cartridge), and I am happy that you have added x86_64 support. However, if I had known that I would spend about 40 hours messing with your drivers just to get the printer to work, I would have bought an HP printer instead, even if it cost twice as much. I will not be a repeat customer and I will not recommend any of your printers to anyone else unless you open your drivers.
That employee's manager is the one that should get fired.
Managers are responsible for that the skill levels (training, career paths, etc) are adequate. Managers also bear responsibility for quality as they are supposed to manage the processes for checking things and controlling. Manager should know his people and who is able to do what.
Sounds like a management problem to me.
Software Guys: It's not ready
Managers: You showed me a working copy
Software Guys: But it has major security holes
Managers: Don't care, ship it.