Major Security Hole In Samsung Linux Drivers

GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."

Re:How come an app can do that?

[krischik]

I expect that you install the drivers as root. The installation routine then sets suid to all applications which use a scanner.

And somehow I understand it - quite often I had to start xsane as root because the current user just was not able to access the scanner device - and I wanted that bloody scan now and not in half an hour problem searching session.

Martin