Major Security Hole In Samsung Linux Drivers
GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."
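The practical question for an administrator reading this is how to spot what the installer changed. The script below is an added example, not code from the submission or from Samsung's driver package: it lists every setuid file under a tree, flags the ones whose names are not on a hypothetical allowlist of programs that legitimately need the bit (sudo, passwd and the like), and clears the bit on a flagged file. The allowlist and the `/usr/bin` layout are assumptions; adjust them to your distribution.

```sh
#!/bin/sh
# Added example (not from the Slashdot post or the Samsung driver package).
# Audit a directory tree for setuid binaries that a printer driver installer
# should never have created, such as openoffice, xsane or xscanimage.

# Assumption: the only basenames expected to carry setuid on this host.
# Anything else found with the bit set is reported.
SETUID_ALLOWLIST="sudo su passwd mount umount ping"

# list_setuid DIR: print the path of every regular file with the setuid bit,
# staying on one filesystem so a large /proc or NFS mount is not walked.
list_setuid() {
    find "$1" -xdev -type f -perm -4000 -print 2>/dev/null | sort
}

# in_allowlist NAME: succeed if NAME is one of the permitted basenames.
in_allowlist() {
    for allowed in $SETUID_ALLOWLIST; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# unexpected_setuid DIR: print setuid files that are not on the allowlist,
# one per line, sorted. Empty output means nothing unexpected was found.
unexpected_setuid() {
    list_setuid "$1" | while IFS= read -r path; do
        in_allowlist "$(basename "$path")" || printf '%s\n' "$path"
    done
}

# describe_setuid PATH: show mode and owner, i.e. who the bit escalates to.
describe_setuid() {
    ls -l "$1" | awk '{print $1, $3, $NF}'
}

# clear_setuid PATH: the remediation, drop the setuid bit on one file.
clear_setuid() {
    chmod u-s "$1"
}

# Usage (as root, on a real system):  unexpected_setuid /usr | while read -r f;
# do describe_setuid "$f"; done   then clear_setuid on each confirmed stray.
```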
I find it very disappointing anyway that anything you install on Ubuntu is installed as root (at least that is the default way of doing it). Wouldn't it be übercool to be able to install applications as the local user, and drivers maybe as the "driver" user? I still think the Zero Install system is a nice and secure way to install software, and maybe one day we can extend this to install drivers as well, so that root access will almost never be required (a bit like Plan 9, or what SELinux is trying to do).
I just don't trust anything that bleeds for five days and doesn't die.
No, that is not my point.
As the PC developed, I/O calls were to be linked through the BIOS. The idea was that each device was to have a ROM that linked itself to the system's BIOS and that there would be a more unified system for handling I/O. Well, for most people, BIOS wasn't fast enough, so people started writing code to work around it. And that's where the PC's "bad programming habits" began, and it just got worse from there.
Now, instead of people using the Windows API properly, people are using undocumented APIs that are subject to undocumented change, and people are still trying to squeeze more performance from their apps by moving code into ring-0 virtual driver code. If you don't already know, "ring-0" means the code has access to the entire machine and all memory. And when apps misbehave, they are flying without a net, since ring-1 and above offer levels of "protection" from misbehaving or malfunctioning apps.
This culture of performance over stability and proper coding methods has undermined the security and stability of Windows. I'm not going to assert whether or not Microsoft is partly to blame or has any blame in this. But I will say that Windows coders have bad habits that are quite common and prevalent.
As Linux coders grow in numbers, it is more and more important that things like abusing root or setting up kernel modules unnecessarily should be protested and prevented at every turn. To not fight it could result in the same problems and reputation that Windows now enjoys.
I think lazy is pretty generous. Putting setuid root on something as powerful as OpenOffice is flat-out retarded, period. These guys are driver writers; they should know better than this. I mean, they really ought to know better than this. It would be like Red Hat dumping ssh and recommending telnet for remote shell access and transfer of sensitive information.
I don't see any reason to think something malicious of it, but I think this goes beyond stupidity. It's not quite as bad as distributing rootkits with your CDs, but I think it's getting there.
Signing drivers has been proven to be ineffective for several reasons:
1. It has been shown that the signature can be and has been forged.
2. Unsigned drivers are still installable with only a warning given to the user at install time, and the user has little to no choice but to install the unsigned driver if they wish to make use of whatever it is they are using.
The only benefit is "user awareness", and the effectiveness this may yield will vary by the quality of the user... and we more or less know what that leads to.
As far as your assertion that Linux can't do that? I'll leave that alone for now... you're about to be flooded with a number of other responses that are likely to be worded better than I ever could. But to be short, Linux can't "sign" drivers. Instead, driver modules are to be compiled to match the specific kernel and will refuse, with NO option for the user to override that decision. So in a way, it's actually more secure. (This excludes the existence of DKMS, or Dynamic Kernel Module Support, which, if the user installs it, can neatly override this particular behavior from the kernel in a way, but the kernel module/driver itself needs to be created within the framework of DKMS itself, and all manner of other complications... so....)