Slashdot Mirror


Major Security Hole In Samsung Linux Drivers

GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."

11 of 295 comments

  1. Lazy Design... by Azuma+Hazuki · · Score: 5, Insightful

    This sounds like a cheap hack. There is no need for these things to be setuid root, not on the program level. Sounds like someone is used to programming Windows drivers...

    I'm tempted to infer something sinister about this, but then I remember the old adage "never attribute to malice what can be explained by stupidity." It keeps your blood pressure nice and low.

    --
    ~Eien no Inori wo Sasagete~ Searching for my Hatsumi...
    1. Re:Lazy Design... by EveryNickIsTaken · · Score: 4, Insightful

      Sounds like someone is used to programming Windows drivers...

      No, it merely confirms that there are lazy programmers creating crap code for all OSes, including Linux.
    2. Re:Lazy Design... by CastrTroy · · Score: 3, Insightful

      The employee should be fired. They are the one who actually made the mistake, and who has shown they have no abilities. Managers shouldn't have to take all the blame for their employees' mistakes. If the manager has had a bad track record and this kind of thing happens too often, then maybe he should get fired, but you can't make the judgement that the manager should get fired every time an employee screws up.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    3. Re:Lazy Design... by Liquidrage · · Score: 3, Insightful

      A potential flaw in a linux driver from Samsung is blamed on MS, in 2 different manners no less, and it jets to +5.

      Classic /.

  2. Windows coders by erroneus · · Score: 5, Insightful

    If I'm not mistaken, this is how Windows got as bad as it is.

    This particular incident cannot be protested enough. If this sort of thing becomes common, End-user Linux will become as corrupted as Windows.

  3. Re:How come an app can do that? by Anonymous Coward · · Score: 4, Insightful

    An app running as root can do anything it wants - and installers normally do run as root. The same problem exists on every OS: the administrator and the programs he runs can do retarded things.

    The question I want to ask is why there is a driver developer working for Samsung who is able to understand the function of the setuid bit but not the security implications of using it. It seems that there is a very special type of stupidity involved here, along with some extremely thoughtless design. Samsung is taking a big risk employing morons like that.

    If the guy can't understand the security implications of the setuid bit, which are well documented and not that complex, he should not be writing software.

  4. Re:to be fair by Anonymous Coward · · Score: 5, Insightful

    no user is going to be able to install such a dangerous "driver" without root access in the first place-- anyone can build a program, intentionally or accidentally, that compromises a system when run/installed as root

    Yes, but when you install a driver, you normally assume that it's not going to make your system insecure. Why should it? Only a very badly designed driver would deliberately break your system security.

    Sometimes drivers do accidentally introduce security problems. The Nvidia drivers for X have done this in the past, for example. In those cases, it's not bad design, it's an oversight of some sort, like a buffer overflow.

    But this is not an oversight. A deliberate design decision has been made to break the Linux security model. A very special type of stupidity is involved: one that includes an understanding of the effects of the setuid bit, but excludes an understanding of the security implications.

    Samsung should investigate this fully - who knows what other retarded decisions have been made by these guys?

  5. I agree, BUT by PetriBORG · · Score: 5, Insightful
    I agree with what you said, BUT...

    Stop with your lame "thousand eyes" theory. Apparently those thousand eyes couldn't see a permissions change on their own systems.

    This is uncalled for, because as can be seen on the Ubuntu forums you can clearly see it was the "thousand eyes" reality that caught this problem in the first place and found the solution to remove parts from the install script.

    wrap_setuid_third_party_application xsane
    wrap_setuid_third_party_application xscanimage
    wrap_setuid_ooo_application soffice
    wrap_setuid_ooo_application swriter
    wrap_setuid_ooo_application simpress
    wrap_setuid_ooo_application scalc
    And the content of the function for suid-making functions etc. So I have to disagree with you there.

    I also agree with you though that linux distros should be automatically building in some sort of tripwire type setup to protect important system segments from scripts that are like this.

    --
    Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
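
The tripwire-style check suggested in the comment above, written as a shell audit (an added example, not part of the thread or of Samsung's installer): it lists setuid files owned by a given user and reports any that are missing from a reviewed baseline file. The function names, the one-path-per-line baseline format and the baseline path in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag setuid files that are not in a reviewed baseline.

# list_setuid DIR [OWNER]
# Print regular files under DIR that carry the setuid bit and belong to
# OWNER (user name or numeric uid, default 0 = root), sorted.
list_setuid() {
    # -xdev keeps the scan on one filesystem; -perm -4000 matches setuid.
    find "$1" -xdev -type f -user "${2:-0}" -perm -4000 2>/dev/null |
        LC_ALL=C sort
}

# audit_setuid DIR BASELINE [OWNER]
# BASELINE holds one approved absolute path per line.
# Prints every setuid file missing from BASELINE and returns 1 if there
# is at least one; returns 0 on a clean tree, 2 if BASELINE is unreadable.
audit_setuid() {
    if [ ! -r "$2" ]; then
        echo "baseline not readable: $2" >&2
        return 2
    fi
    # grep -F -x -v: drop lines that exactly equal a baseline entry.
    # "|| true" because grep exits 1 when nothing is left over.
    unexpected=$(list_setuid "$1" "$3" | grep -Fvx -f "$2" || true)
    if [ -n "$unexpected" ]; then
        printf '%s\n' "$unexpected"
        return 1
    fi
    return 0
}

# Command-line use (hypothetical baseline path):
#   sh audit.sh /usr /etc/setuid.baseline
if [ "$#" -ge 2 ]; then
    audit_setuid "$@"
fi
```

Taking the baseline before a vendor installer runs and auditing again afterwards surfaces newly setuid programs such as the soffice and xsane entries quoted above. Paths that contain newlines are not handled.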
  6. Time to Get Heavy by ajs318 · · Score: 4, Insightful

    The proprietary driver fiasco has gone on far too long. It's time to stand up and say Enough Already!

    Let's all get writing to our elected representatives and demand that hardware manufacturers be obliged, by law, to provide detailed specifications which would enable a sufficiently-competent programmer to write a driver program enabling any of the features of their product to be used on any sufficiently-capable computer.

    Failure to do this places the rightful owners of hardware at a disadvantage. They can only use it in conjunction with certain Operating Systems. They are restricted to using it as the manufacturer thought fit. If a driver has a programming flaw, the user's computer can be compromised. If the Operating System is updated in such a way as the driver no longer works, the user is at the mercy of the manufacturer to release a new version of the driver -- or else the hardware is unusable (or at best, usable only through a bodge involving multi-booting: at the boot prompt, type linux to be able to use the Internet, or linuxOLD to be able to print).

    It's unfortunate, but this measure really needs to be brought in through legislation, because manufacturers will not do it voluntarily. There are two reasons: (1) they are paranoid of competitors {despite the fact that their competitors are busy reverse-engineering their products in secret while they reverse-engineer the competitors' products} and (2) they habitually lie through their back teeth in their advertising literature about the capabilities of their hardware, and such lies would be exposed with disclosure (e.g. a camera with a 2 megapixel image sensor, spitting out JPEG images interpolated up to 6 megapixels).

    --
    Je fume. Tu fumes. Nous fûmes!
  7. Re:Flawed Design... by GooberToo · · Score: 3, Insightful

    Which is why most distros support POSIX ACLs...they are just not widely used. Ext2, Ext3, JFS, XFS, and ReiserFS all support ACLs (extended attributes). I believe NFS version 3 and 4 also support ACLs.

    There are of course some other areas which ACL's don't address but there are pre-existing mechanisms to address those as well. Well, on most modern Unix/Linux systems anyways. The model has survived for so long for simple reasons; it's effective, simple and covers the vast majority of situations. When complex requirements come into light, more complex solutions exist. Most people just don't know about them.

  8. Re:Without knowing much than what is in the articl by east+coast · · Score: 4, Insightful

    This was an intentional attempt to create a backdoor.

    So when this same type of thing happens in Windows it's that Windows coders are inept but when the same happens in Linux it's because of a conspiracy? Please.

    The Linux community better be damn well ready for when this becomes commonplace as more people use Linux. I don't expect it as much from real vendors but it's going to happen more from the likes of amateur coders and malware producers.

    Too many have fallen prey to the myth that Linux isn't going to have some of the same issues that Windows has with these areas in software. This incident alone shows that Linux will not be immune to those who don't care enough, don't know enough or are willing enough to sacrifice system security for whatever reasons.

    --
    Dedicated Cthulhu Cultist since 4523 BC.