Slashdot Mirror


Major Security Hole In Samsung Linux Drivers

GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."


  1. Lazy Design... by Azuma+Hazuki · · Score: 5, Insightful

    This sounds like a cheap hack. There is no need for these things to be setuid root, not on the program level. Sounds like someone is used to programming Windows drivers...

    I'm tempted to infer something sinister about this, but then I remember the old adage "never attribute to malice what can be explained by stupidity." It keeps your blood pressure nice and low.

    --
    ~Eien no Inori wo Sasagete~ Searching for my Hatsumi...
  2. Windows coders by erroneus · · Score: 5, Insightful

    If I'm not mistaken, this is how Windows got as bad as it is.

    This particular incident cannot be protested enough. If this sort of thing becomes common, End-user Linux will become as corrupted as Windows.

    1. Re:Windows coders by erroneus · · Score: 5, Interesting

      No, that is not my point.

      As the PC developed, IO calls were to be linked through the BIOS. The idea was that each device was to have a ROM that linked itself to the system's BIOS and that there would be a more unified system for handling I/O. Well, for most people, BIOS wasn't fast enough so people started writing code to work around it. And that's where the PC's "bad programming habits" began and it just got worse from there.

      Now, instead of people using the Windows API properly, people are using undocumented APIs that are subject to undocumented change, people are still trying to squeeze more performance from their apps by moving code into ring-0 virtual driver code. If you don't already know, "ring-0" means the code has access to the entire machine and all memory. And when apps misbehave, they are flying without a net since the ring-1 and above offer levels of "protection" from misbehaving or malfunctioning apps.

      This culture of performance over stability and proper coding methods has undermined the security and stability of Windows. I'm not going to assert whether or not Microsoft is partly to blame or has any blame in this. But I will say that Windows coders have bad habits that are quite common and prevalent.

      As Linux coders grow in numbers, it is more and more important that things like abusing root or setting up kernel modules unnecessarily should be protested and prevented at every turn. To not fight it could result in the same problems and reputation that Windows now enjoys.

  3. Install applications as root by Simon+(S2) · · Score: 5, Interesting

    I find it very disappointing anyway that anything you install on Ubuntu is installed as root (at least that is the default way of doing it). Wouldn't it be übercool to be able to install applications as the local user, and drivers maybe as the "driver" user? I still think The Zero Install system is a nice and secure way to install software, and maybe one day we can extend this to install drivers as well, so that root access will almost never be required (a bit like Plan 9, or what SE Linux is trying to do).

    --
    I just don't trust anything that bleeds for five days and doesn't die.
  4. Re:to be fair by Anonymous Coward · · Score: 5, Insightful

    no user is going to be able to install such a dangerous "driver" without root access in the first place-- anyone can build a program, intentionally or accidentally, that compromises a system when run/installed as root

    Yes, but when you install a driver, you normally assume that it's not going to make your system insecure. Why should it? Only a very badly designed driver would deliberately break your system security.

    Sometimes drivers do accidentally introduce security problems. The Nvidia drivers for X have done this in the past, for example. In those cases, it's not bad design, it's an oversight of some sort, like a buffer overflow.

    But this is not an oversight. A deliberate design decision has been made to break the Linux security model. A very special type of stupidity is involved: one that includes an understanding of the effects of the setuid bit, but excludes an understanding of the security implications.

    Samsung should investigate this fully - who knows what other retarded decisions have been made by these guys?

  5. I agree, BUT by PetriBORG · · Score: 5, Insightful
    I agree with what you said, BUT...

    Stop with your lame "thousand eyes" theory. Apparently those thousand eyes couldn't see a permissions change on their own systems. This is uncalled for, because as can be seen on the Ubuntu forums you can clearly see it was the "thousand eyes" reality that caught this problem in the first place and found the solution to remove parts from the install script.

    wrap_setuid_third_party_application xsane
    wrap_setuid_third_party_application xscanimage
    wrap_setuid_ooo_application soffice
    wrap_setuid_ooo_application swriter
    wrap_setuid_ooo_application simpress
    wrap_setuid_ooo_application scalc
    And the content of the function for suid-making functions etc. So I have to disagree with you there.

    I also agree with you though that linux distros should be automatically building in some sort of tripwire type setup to protect important system segments from scripts that are like this.

    --
    Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
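
The "tripwire type setup" suggested in the comment above can be approximated with a before/after comparison of setuid files around an installer run. This is an added example, not code from the thread or from the Samsung installer; the `OWNER` argument, the baseline path and the `install.sh` name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: baseline-and-compare audit for setuid files.

# list_setuid DIR [OWNER] -> sorted paths of setuid regular files under DIR
# owned by OWNER (default root; the override is an assumption that lets the
# check be exercised on constructed files without root).
list_setuid() {
    dir=$1
    owner=${2:-root}
    # -xdev: stay on one filesystem; -perm -4000: the setuid bit is set.
    find "$dir" -xdev -type f -user "$owner" -perm -4000 2>/dev/null |
        LC_ALL=C sort
}

# new_setuid BASELINE_FILE CURRENT_FILE -> paths setuid now but absent from
# the baseline. Both files must be sorted as list_setuid sorts them.
new_setuid() {
    LC_ALL=C comm -13 "$1" "$2"
}

# audit_setuid DIR BASELINE_FILE [OWNER]
# Prints each newly setuid path; returns 1 if any were found, 0 if none.
audit_setuid() {
    current=$(mktemp) || return 2
    list_setuid "$1" "${3:-root}" > "$current"
    added=$(new_setuid "$2" "$current")
    rm -f "$current"
    [ -z "$added" ] && return 0
    printf '%s\n' "$added"
    return 1
}

# Typical use, as root, around a vendor installer (placeholder names):
#   list_setuid / > /var/tmp/setuid.before
#   ./install.sh
#   audit_setuid / /var/tmp/setuid.before || echo "installer added setuid-root files"
```

A flagged path can be returned to normal permissions with `chmod u-s` once it is confirmed that the program does not need the bit.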
  6. Re:Flawed Design... by morgan_greywolf · · Score: 5, Informative
    I'm going to reply to your post backwards, but you'll see why.

    Unix security is just flawed and the flaw is called "root".


    There is a fix for this flaw. It's called 'groups.'

    Only when the little bugger of a hotplug-manager changes the user id for the scanner device to the logged on user. Which still only gives one user access to the scanner. Have my Wife remote logged in and only one of us can use the scanner.


    This is distro-dependent. On Ubuntu, scanner access is controlled by groups. Want a user to be able to scan? You add them to the scanner group. You want someone to have access to burn CDs/DVDs? You add them to the cdrom group. If the scanner device is owned by any user, and owned by the group scanner, the permissions on the scanning device are set to group read/write, and both you and your wife are in the scanner group, then you both have access to the scanner. Try it yourself. Problem solved.

    BTW--with SANE, the best way to have two people access the same scanner is via the saned network sharing mechanism, which allows other systems using xsane (or other sane front-end) to access the scanner over the network without having to remote login.