Major Security Hole In Samsung Linux Drivers 295
GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."
suid is evil! (Score:2, Informative)
Nothing but the programs that absolutely have to should be run as root.
Is there an English (not some auto-translated forum) site covering this? I think its talking about this suid run printer driver [openprinting.org]?
Re:How come an app can do that? (Score:5, Informative)
However, it's a proprietary driver, that you need to install to use the printer, so if that's the printer you have people install it, expecting it not to create security holes.
This might have been discovered earlier, if it weren't for the closedness of the source.
My guess is that it happened due to a coder writing the driver so, it requires root to use it.
Then trying to guess which programs requires the driver, then setting those to run as root. Silly, but easy to do.
Sounds like it was done without peer review, so i guess they only have one guy writing their linux drivers..
So why is it proprietary? well some places printers are encouraged(required) by law (enforcement) to leave secret and invisible watermarks.
If it isn't done in the printer, it's done in the driver, if it's open, it'll be removed.
Re:suid is evil! (Score:5, Informative)
SUID does not have to set id to root; my printing scripts are all setuid to "lp"; my mail servers are suid to "mail". This is a good thing.
TWW
It come out... (Score:5, Informative)
For those who can't read French, the Ubuntu forum is just a posting of a link to another forum where it was noticed. The posting, along with the interesting source can be found at http://linuxfr.org/forums/15/22562.html [linuxfr.org] The interesting parts are:
The script copies the affected application's executable to one with a .bin extension, and replaces it with an suid wrapper script. This is undoable, but god, what a mess!
Okay, I couldn't overcome the lameness filter, go to the source to see for yourselves...
Flawed Design... (Score:2, Informative)
Unix security if just flawed and the flaw is called "root".
Martin
Re:Flawed Design... (Score:2, Informative)
Re:Install applications as root (Score:4, Informative)
a) going to need write access to all the usual locations (either
b) going to need to use some middleware that *does* have rwx access to
"Driver" installs just need access to
Fact of the matter is that whatever user/process has the rights to install apps has the rights to fuck them up as well. Much like how windows can't help it if the user runs trojan_setup.exe.
As ther other poster noticed, things like SELinux offer incredibly fine grained access over what various users can and can't do, and if you go through the (fairly considerable) pain of setting it up it can give you an amazingly secure setup, but there's no way in hell it'd fly with everyday users or even most sysadmins. This is why Linux distros take such care with package management and like to retain control over their repositories - because they can't risk a third party, closed source package coming in and accidentally running a chmod -R 777 / on install. When you're dealing with companies that seemingly have little knowledge of Linux development and security models, this is a very real threat.
Re:Flawed Design... (Score:5, Informative)
There is a fix for this flaw. It's called 'groups.'
This is distro-dependant. On Ubuntu, scanner access is controlled by groups. Want a user to be able to scan? You add them to the scanner group. You want someone to have access to burn CDs/DVDs? You add them to the cdrom group. If the scanner device is owned by any user, and owned by the group scanner, the permissions on the scanning device are set to group read/write, and both you and your wife are in the scanner group, then you both have access to the scanner. Try it yourself. Problem solved.
BTW--with SANE, the best way to have two people access the same scanner is via the saned network sharing mechanism, which allows other systems using xsane (or other sane front-end) to access the scanner over the network without having to remote login.
English Non-Google'd Translation (Score:4, Informative)
After I installed the unified drivers for my Samsung printer/scanner, I had the unwelcome surprise of discovering that OpenOffice now opens as root, and not only that but did not ask for my password!
As a result, all documents I created were saved in the
I attempted to re-install
The beast (the problem) is occuring under Ubuntu 7.04 under Gnome.
Thank You.
Après avoir installé les drivers unifiés de Samsung pour gérer mon imprimante scanner, j'ai eu la très mauvaise surprise de constater que la suite openoffice s'ouvrait en root et ceci sans que me soit demandé le moindre mot de passe !!!
Du coup, les documents que je crée s'enregistrent dans le dossier
A tout hasard j'ai réinitialisé le
La bête est sous Ubuntu 7.04 et gnome. En attendant vote aide, je cherche et tente de résister au désespoir le plus sombre !
Merci
Blown out of proportion? (Score:5, Informative)
Printer drivers need to be installed with world execute permissions so that all users on the system can access the printer. The Samsung hacker's method of doing this, converting them to 4755 bin files and setting the original name as a link to the bin files, is one way of doing that -- IF his "unwrap" function had worked properly. That's the bug. Listed in the posting are files whose permissions need to be modified after the driver is installed.
Re:Lazy Design... (Score:4, Informative)
Re:Lazy Design... (Score:3, Informative)
In my opinion, the manager is responsible for the conduct of the employees. Taking responsibility for those working under you is a fundamental part of good leadership. Its the manager's job to check the employee's work to make sure that it meets quality criteria. In this case the manager failed in his or her supervisory duties.
The bug is that it doesn't properly UN-SUID them. (Score:2, Informative)
If it wasn't a management decision to start with (Score:3, Informative)
And that includes the fact that it probably wasn't a programmer/architect that made the installer anyway. The drive for cost cutting includes the idea of giving each job to the lowest wage monkey who can possibly do it. So it's not entirely unheard of to offload to the cheapest interns or even to underused non-technical members of the team stuff like making an installer or writing the test cases.
In which case probably some under-paid and under-skilled monkey got the honour of figuring out how to install that stuff in Linux. These aren't typically the kind of guys you'd ask to do a security analysis and design, and they're not given ample times and funds for research either. So he'll google if he has a problem (like how to make some nice config dialog modify a file that was installed as writable by root only), and take the first thing that sorta looks like a solution.
Plus a few other such fun ways to fuck up in the name of keeping the costs down.
Mind you, I'm not saying this has to be what happened at Samsung. Just saying that I've seen that and worse happening in other places, so I wouldn't be too surprised.