LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 02-01-2008, 07:50 PM   #1
M$ISBS
Member
 
Registered: Aug 2003
Posts: 820

Rep: Reputation: 30
How do I reset permissions? Security problem


I installed a third party Samsung printer driver and then I come to find out that theres a security problem with the driver resetting permissions of a whole bunch of files and directories.

Ever since I installed it ive been getting popups in opera that I never got before and KDE freezes up every so often, it never did before.

If possible, How do I reset the permissions back to whatever they were?

I dont know exactly what got changed though.
 
Old 02-01-2008, 08:06 PM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Are you referring to the SCX-4200 drivers? I actually remember seeing this last year. IIRC you basically just need to track-down the binaries which were SUID root by the installer and revert the changes. I was under the impression this problem had been fixed in a subsequent release, though.
 
Old 02-01-2008, 09:37 PM   #3
M$ISBS
Member
 
Registered: Aug 2003
Posts: 820

Original Poster
Rep: Reputation: 30
Unhappy

Quote:
Originally Posted by win32sux View Post
Are you referring to the SCX-4200 drivers? I actually remember seeing this last year. IIRC you basically just need to track-down the binaries which were SUID root by the installer and revert the changes. I was under the impression this problem had been fixed in a subsequent release, though.
Yes thats the one.
I dont know how to track down binaries, I dont even know what that means.
Could you give me a hint as to what do to and should I uninstall the samsung driver and try to manually install it?
 
Old 02-01-2008, 09:48 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by M$ISBS View Post
Yes thats the one.
I dont know how to track down binaries, I dont even know what that means.
Could you give me a hint as to what do to and should I uninstall the samsung driver and try to manually install it?
I did give you a hint - a giant one - in the form of a link. If you read through that thread you'll see that you basically just need to find a section in the installer script which shows you which files' permissions were changed by it. You can then use chmod to set the permissions back to normal. Let's try this first: Execute this command as root and post the output:
Code:
find / -type f -perm +4000
This way we'll know which binaries are SUID on your box, and we can tell you which ones were likely changed by the poorly designed installer. If you could also post exactly which version of the driver you have (and a link) it would be great.
 
Old 02-02-2008, 12:14 AM   #5
M$ISBS
Member
 
Registered: Aug 2003
Posts: 820

Original Poster
Rep: Reputation: 30
I did do find / -type f -perm +4000 from the other thread but I dont know what the output of that means.
Here it is........
/bin/su
/bin/ping
/bin/mount
/bin/ping6
/bin/umount
/usr/bin/at
/usr/bin/cu
/usr/bin/rcp
/usr/bin/rsh
/usr/bin/uux
/usr/bin/Xorg
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/kppp
/usr/bin/sudo
/usr/bin/uucp
/usr/bin/lppasswd
/usr/bin/crontab
/usr/bin/fileshareset
/usr/bin/chage
/usr/bin/traceroute6
/usr/bin/traceroute
/usr/bin/fdmount
/usr/bin/expiry
/usr/bin/kgrantpty
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/rlogin
/usr/bin/start_kdeinit
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/procmail
/usr/bin/kcheckpass
/usr/bin/kpac_dhcp_helper
/usr/sbin/uuxqt
/usr/sbin/uucico
/usr/libexec/ssh-keysign
/usr/libexec/pt_chown



This is the only info I have on the driver

20040224163459968_lpp-1.1.2-7-i386.tar.gz
 
Old 02-02-2008, 02:08 AM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by M$ISBS View Post
I did do find / -type f -perm +4000 from the other thread but I dont know what the output of that means.
It searches your system for files which are SUID.

Quote:
Code:
/bin/su
/bin/ping
/bin/mount
/bin/ping6
/bin/umount
/usr/bin/at
/usr/bin/cu
/usr/bin/rcp
/usr/bin/rsh
/usr/bin/uux
/usr/bin/Xorg
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/kppp
/usr/bin/sudo
/usr/bin/uucp
/usr/bin/lppasswd
/usr/bin/crontab
/usr/bin/fileshareset
/usr/bin/chage
/usr/bin/traceroute6
/usr/bin/traceroute
/usr/bin/fdmount
/usr/bin/expiry
/usr/bin/kgrantpty
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/rlogin
/usr/bin/start_kdeinit
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/procmail
/usr/bin/kcheckpass
/usr/bin/kpac_dhcp_helper
/usr/sbin/uuxqt
/usr/sbin/uucico
/usr/libexec/ssh-keysign
/usr/libexec/pt_chown
None of the binaries which are known to get changed by this vulnerability (xsane, xscanimage, soffice, swriter, simpress, and scalc) appear in your output.

Quote:
This is the only info I have on the driver

20040224163459968_lpp-1.1.2-7-i386.tar.gz
I downloaded that file and the installer doesn't have any of the SUID stuff which the one I looked at last year had. I suspect that the problem in question doesn't apply to this driver of yours. The fact that the CVE specifically mentions version 2.00.95 as the one affected seems to give this suspicion some weight. You could manually check those six binaries (with "ls -l") if you wanna make sure they have sane permissions. At this point I can, however, tell you that you haven't been hit by CVE-2007-3931 AFAICT. Could you have been referring to some other vulnerability?

Last edited by win32sux; 02-02-2008 at 02:19 AM.
 
Old 02-02-2008, 04:41 AM   #7
M$ISBS
Member
 
Registered: Aug 2003
Posts: 820

Original Poster
Rep: Reputation: 30
No, the one in link you provided is the same one I saw.
Well I guess thats good news and a coincident that my system started to act funny.
Now if I could just get my printer working that would be great.....

Thanks for the help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset permissions / GDX^ Debian 10 11-28-2007 09:46 AM
permissions reset on reboot trempel Fedora 11 08-18-2005 03:24 AM
APACHE Problem 2 dirs, identical permissions and security contexts, one gives 403? tones Linux - Software 2 03-13-2005 09:45 AM
Reset permissions spaceballs Slackware 8 03-02-2005 03:45 PM
File permissions keep getting reset johnsmith1899 Linux - Networking 4 05-19-2003 12:02 PM


All times are GMT -5. The time now is 03:37 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration