I installed a third party Samsung printer driver and then I come to find out that there's a security problem with the driver resetting permissions of a whole bunch of files and directories.
Ever since I installed it I've been getting popups in Opera that I never got before and KDE freezes up every so often, it never did before.
If possible, how do I reset the permissions back to whatever they were?
Are you referring to the SCX-4200 drivers? I actually remember seeing this last year. IIRC you basically just need to track down the binaries which were made SUID root by the installer and revert the changes. I was under the impression this problem had been fixed in a subsequent release, though.
Yes, that's the one.
I don't know how to track down binaries, I don't even know what that means.
Could you give me a hint as to what to do, and should I uninstall the Samsung driver and try to manually install it?
I did give you a hint - a giant one - in the form of a link. If you read through that thread you'll see that you basically just need to find a section in the installer script which shows you which files' permissions were changed by it. You can then use chmod to set the permissions back to normal. Let's try this first: Execute this command as root and post the output:
Code:
find / -type f -perm +4000
This way we'll know which binaries are SUID on your box, and we can tell you which ones were likely changed by the poorly designed installer. If you could also post exactly which version of the driver you have (and a link) it would be great.
I did do find / -type f -perm +4000 from the other thread but I don't know what the output of that means.
Here it is........
/bin/su
/bin/ping
/bin/mount
/bin/ping6
/bin/umount
/usr/bin/at
/usr/bin/cu
/usr/bin/rcp
/usr/bin/rsh
/usr/bin/uux
/usr/bin/Xorg
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/kppp
/usr/bin/sudo
/usr/bin/uucp
/usr/bin/lppasswd
/usr/bin/crontab
/usr/bin/fileshareset
/usr/bin/chage
/usr/bin/traceroute6
/usr/bin/traceroute
/usr/bin/fdmount
/usr/bin/expiry
/usr/bin/kgrantpty
/usr/bin/newgrp
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/rlogin
/usr/bin/start_kdeinit
/usr/bin/uuname
/usr/bin/uustat
/usr/bin/procmail
/usr/bin/kcheckpass
/usr/bin/kpac_dhcp_helper
/usr/sbin/uuxqt
/usr/sbin/uucico
/usr/libexec/ssh-keysign
/usr/libexec/pt_chown
None of the binaries which are known to get changed by this vulnerability (xsane, xscanimage, soffice, swriter, simpress, and scalc) appear in your output.
Quote:
This is the only info I have on the driver
20040224163459968_lpp-1.1.2-7-i386.tar.gz
I downloaded that file and the installer doesn't have any of the SUID stuff which the one I looked at last year had. I suspect that the problem in question doesn't apply to this driver of yours. The fact that the CVE specifically mentions version 2.00.95 as the one affected seems to give this suspicion some weight. You could manually check those six binaries (with "ls -l") if you wanna make sure they have sane permissions. At this point I can, however, tell you that you haven't been hit by CVE-2007-3931 AFAICT. Could you have been referring to some other vulnerability?
No, the one in the link you provided is the same one I saw.
Well I guess that's good news and a coincidence that my system started to act funny.
Now if I could just get my printer working that would be great.....
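The check walked through in this thread, as an added example that is not part of any post: it filters a SUID listing for the six binaries named above and also tests those names directly. The function names, the directories in the usage comment and the `/usr/bin/xsane` sample line are assumptions made for illustration, and the scan uses the POSIX `-perm -4000` spelling, which current GNU find accepts where `+4000` is rejected.

```shell
#!/bin/sh
# Added example (not from the thread): SUID audit for the six binaries named above.
KNOWN="xsane xscanimage soffice swriter simpress scalc"

# List regular files with the set-user-ID bit under the given roots.
# -perm -4000 is the POSIX spelling; -xdev stays on the starting filesystem.
list_suid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null | sort
}

# Filter a list of paths (stdin) down to those whose basename is in $KNOWN.
flag_known() {
    while IFS= read -r path; do
        case " $KNOWN " in
            *" ${path##*/} "*) printf '%s\n' "$path" ;;
        esac
    done
}

# Check the known names directly in the given directories. [ -u ] follows
# symlinks, so a link to a SUID target is reported, which find -type f misses.
check_known() {
    for dir in "$@"; do
        for name in $KNOWN; do
            if [ -u "$dir/$name" ]; then printf '%s\n' "$dir/$name"; fi
        done
    done
}

# Print (do not run) the chmod that clears the bit, for review before use.
suggest_fix() {
    while IFS= read -r path; do
        printf "chmod u-s -- '%s'\n" "$path"
    done
}

# Constructed sample: three lines from the posted output plus one made-up hit.
sample_output() {
    printf '%s\n' /bin/su /usr/bin/passwd /usr/bin/kppp /usr/bin/xsane
}

sample_output | flag_known | suggest_fix   # prints: chmod u-s -- '/usr/bin/xsane'
# Live use, as root: list_suid / | flag_known; check_known /usr/bin /usr/local/bin
```

Saving the full `list_suid /` output before installing a third-party driver gives a baseline to diff against afterwards.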