LinuxQuestions.org


M$ISBS 02-01-2008 06:50 PM

How do I reset permissions? Security problem
 
I installed a third-party Samsung printer driver and then I come to find out that there's a security problem with the driver resetting permissions of a whole bunch of files and directories.

Ever since I installed it I've been getting popups in Opera that I never got before and KDE freezes up every so often, it never did before.

If possible, how do I reset the permissions back to whatever they were?

I don't know exactly what got changed though.

win32sux 02-01-2008 07:06 PM

Are you referring to the SCX-4200 drivers? I actually remember seeing this last year. IIRC you basically just need to track down the binaries which were made SUID root by the installer and revert the changes. I was under the impression this problem had been fixed in a subsequent release, though.

M$ISBS 02-01-2008 08:37 PM

Quote:

Originally Posted by win32sux (Post 3043060)
Are you referring to the SCX-4200 drivers? I actually remember seeing this last year. IIRC you basically just need to track down the binaries which were made SUID root by the installer and revert the changes. I was under the impression this problem had been fixed in a subsequent release, though.

Yes, that's the one.
I don't know how to track down binaries, I don't even know what that means. :(
Could you give me a hint as to what to do, and should I uninstall the Samsung driver and try to manually install it?

win32sux 02-01-2008 08:48 PM

Quote:

Originally Posted by M$ISBS (Post 3043135)
Yes, that's the one.
I don't know how to track down binaries, I don't even know what that means. :(
Could you give me a hint as to what to do, and should I uninstall the Samsung driver and try to manually install it?

I did give you a hint - a giant one - in the form of a link. If you read through that thread you'll see that you basically just need to find a section in the installer script which shows you which files' permissions were changed by it. You can then use chmod to set the permissions back to normal. Let's try this first: Execute this command as root and post the output:
Code:

# -perm -4000 matches files with the SUID bit set; current GNU find rejects the older +4000 form
find / -type f -perm -4000

This way we'll know which binaries are SUID on your box, and we can tell you which ones were likely changed by the poorly designed installer. If you could also post exactly which version of the driver you have (and a link) it would be great.

M$ISBS 02-01-2008 11:14 PM

I did do find / -type f -perm +4000 from the other thread but I don't know what the output of that means.
Here it is...
/bin/su
/bin/ping
/bin/mount
/bin/ping6
/bin/umount
/usr/bin/at
/usr/bin/cu
/usr/bin/rcp
/usr/bin/rsh
/usr/bin/uux
/usr/bin/Xorg
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/kppp
/usr/bin/sudo
/usr/bin/uucp
/usr/bin/lppasswd
/usr/bin/crontab
/usr/bin/fileshareset
/usr/bin/chage
/usr/bin/traceroute6
/usr/bin/traceroute
/usr/bin/fdmount
/usr/bin/expiry
/usr/bin/kgrantpty
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/rlogin
/usr/bin/start_kdeinit
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/procmail
/usr/bin/kcheckpass
/usr/bin/kpac_dhcp_helper
/usr/sbin/uuxqt
/usr/sbin/uucico
/usr/libexec/ssh-keysign
/usr/libexec/pt_chown



This is the only info I have on the driver

20040224163459968_lpp-1.1.2-7-i386.tar.gz

win32sux 02-02-2008 01:08 AM

Quote:

Originally Posted by M$ISBS (Post 3043264)
I did do find / -type f -perm +4000 from the other thread but I don't know what the output of that means.

It searches your system for files which are SUID.

Quote:

Code:

/bin/su
/bin/ping
/bin/mount
/bin/ping6
/bin/umount
/usr/bin/at
/usr/bin/cu
/usr/bin/rcp
/usr/bin/rsh
/usr/bin/uux
/usr/bin/Xorg
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/kppp
/usr/bin/sudo
/usr/bin/uucp
/usr/bin/lppasswd
/usr/bin/crontab
/usr/bin/fileshareset
/usr/bin/chage
/usr/bin/traceroute6
/usr/bin/traceroute
/usr/bin/fdmount
/usr/bin/expiry
/usr/bin/kgrantpty
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/rlogin
/usr/bin/start_kdeinit
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/procmail
/usr/bin/kcheckpass
/usr/bin/kpac_dhcp_helper
/usr/sbin/uuxqt
/usr/sbin/uucico
/usr/libexec/ssh-keysign
/usr/libexec/pt_chown


None of the binaries which are known to get changed by this vulnerability (xsane, xscanimage, soffice, swriter, simpress, and scalc) appear in your output.

Quote:

This is the only info I have on the driver

20040224163459968_lpp-1.1.2-7-i386.tar.gz

I downloaded that file and the installer doesn't have any of the SUID stuff which the one I looked at last year had. I suspect that the problem in question doesn't apply to this driver of yours. The fact that the CVE specifically mentions version 2.00.95 as the one affected seems to give this suspicion some weight. You could manually check those six binaries (with "ls -l") if you wanna make sure they have sane permissions. At this point I can, however, tell you that you haven't been hit by CVE-2007-3931 AFAICT. Could you have been referring to some other vulnerability?
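
The check walked through in this thread, written as a script (an added example, not code from either poster or from the Samsung installer): it filters a list of SUID paths for the six binary names given above and reports whether any of them carries the SUID bit. The function names, the sample list and the directories passed to `audit_dirs` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: the names below are the six binaries listed in the thread.
AFFECTED="xsane xscanimage soffice swriter simpress scalc"

# is_affected NAME: succeed if NAME is one of the six binaries.
is_affected() {
    for name in $AFFECTED; do
        if [ "$1" = "$name" ]; then return 0; fi
    done
    return 1
}

# flag_affected: read SUID paths on stdin (one per line, as find prints
# them) and print only those whose basename is on the list.
flag_affected() {
    while IFS= read -r path; do
        if is_affected "${path##*/}"; then printf '%s\n' "$path"; fi
    done
}

# audit_dirs DIR...: for each listed binary that exists in the given
# directories, report whether its SUID bit is set (hypothetical helper).
audit_dirs() {
    for dir in "$@"; do
        for name in $AFFECTED; do
            [ -f "$dir/$name" ] || continue
            if [ -u "$dir/$name" ]; then
                printf 'SUID %s\n' "$dir/$name"
            else
                printf 'ok %s\n' "$dir/$name"
            fi
        done
    done
}

# Constructed sample: three paths from the posted output plus one
# made-up hit, to show what a positive result would look like.
sample_suid_list() {
    printf '%s\n' /bin/su /usr/bin/sudo /usr/bin/passwd /usr/bin/xsane
}

sample_suid_list | flag_affected
# Live use (as root):
#   find / -type f -perm -4000 2>/dev/null | flag_affected
#   audit_dirs /usr/bin /usr/local/bin
```

For any path reported as SUID, `chmod u-s` on that path clears the bit, which is the chmod revert mentioned earlier in the thread.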

M$ISBS 02-02-2008 03:41 AM

No, the one in the link you provided is the same one I saw.
Well I guess that's good news and a coincidence that my system started to act funny.
Now if I could just get my printer working that would be great... :)

Thanks for the help.

