Major Security Hole In Samsung Linux Drivers

GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."

Thank you!

[mwvdlee]

A big "Thank You!" to Samsung for demonstrating that propriatory code is inherently less secure than open source, if only because you can (could) get away with insecure code.

What were they trying to do?

What were they trying to do that made them think OpenOffice needs to be setuid:root?

Windows ME(tm)(r) Security(tm)(r)(c)(*) now available on Linux, brought to you by Samsung(tm)(r)

Let me be the first to say...

[RAMMS+EIN]

quoi le baise? (senseless translation of 'wtf')

Does anyone have _any_ idea why they did this?

Fortunately, I don't use the drivers supplied by Samsung for my printer. They are crap. The foomatic one works just fine, though.

Re:Time to Get Heavy

[Xeth]

+4, funny? Ouch. I guess we are a cynical bunch. Next up: The "-1, Pointless idealism" mod?