Samsung printer drivers open up the system
A LinuxFR reader has sent out an alert (in French)
about the Samsung SCX-4200
printer driver for Linux. It appears that the driver author had some
trouble with the Linux permission model; the response was to make a few
applications run setuid root. A quick look at the install script shows
that the affected programs are xsane, xscanimage, and the major
OpenOffice.org components. The script also replaces some CUPS executables
and does some other fun things. This seems like code to
avoid for anybody wanting to run a remotely secure system.
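One way to see what an installer like this changes is to snapshot file modes and contents before and after running it. The following is an added example, not code from the article or the LinuxFR alert; the function names `snapshot` and `report` are illustrative, and it assumes a Linux `stat -c` and `sha256sum`.

```shell
#!/bin/sh
# Added example: names (snapshot, report) are illustrative, not from the article.
# Assumes Linux stat -c and sha256sum; paths must not contain tabs or newlines.

# snapshot DIR...: one line per regular file: path<TAB>mode<TAB>uid<TAB>sha256
snapshot() {
    find "$@" -xdev -type f -exec sh -c '
        for f; do
            h=$(sha256sum < "$f" 2>/dev/null | cut -d" " -f1)
            printf "%s\t%s\t%s\t%s\n" "$f" "$(stat -c %a "$f")" \
                "$(stat -c %u "$f")" "${h:-unreadable}"
        done' sh {} + | sort
}

# report BEFORE AFTER: list files that gained the setuid bit, were replaced,
# or are new, by comparing two snapshot files.
report() {
    awk -F'\t' '
        # A four-digit octal mode whose leading digit is 4-7 has setuid set.
        function is_suid(m) { return length(m) == 4 && substr(m, 1, 1) ~ /[4-7]/ }
        FILENAME == ARGV[1] { mode[$1] = $2; sum[$1] = $4; next }
        {
            if (!($1 in mode)) {
                printf "%s\t%s\tuid=%s\n", (is_suid($2) ? "NEW-SETUID" : "NEW"), $1, $3
                next
            }
            if (is_suid($2) && !is_suid(mode[$1]))
                printf "SETUID-ADDED\t%s\tuid=%s\n", $1, $3
            if ($4 != sum[$1])
                printf "REPLACED\t%s\tuid=%s\n", $1, $3
        }' "$1" "$2"
}

# Usage (run as root so every file is readable; directories are examples):
#   snapshot /usr/bin /usr/sbin /usr/lib/cups > before.txt
#   ... run the vendor installer ...
#   snapshot /usr/bin /usr/sbin /usr/lib/cups > after.txt
#   report before.txt after.txt
```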
Samsung printer drivers open up the system Posted Jul 18, 2007 13:40 UTC (Wed) by cortana (subscriber, #24596) [Link] A nice demonstration that one should never stray outside of their distribution's package archive.
Or at least, it is a demonstration that if one really needs to do so, one shouldn't go about it in the manner of a Windows user, and download an unaudited executable from an untrusted and unverified third-party web site, and execute it with full system privileges.
Samsung printer drivers open up the system Posted Jul 18, 2007 14:00 UTC (Wed) by nix (subscriber, #2304) [Link] I suppose that's better than the Samsung ML-2250 printer driver, which replaces bits of CUPS with binary-only stuff and then refuses to do anything but dump core.
Oddly I decided to use pxlmono instead, even if it does halve my printer's
Samsung printer drivers open up the system Posted Jul 19, 2007 11:40 UTC (Thu) by Tom2 (guest, #43780) [Link] I wonder if there's a business model in there somewhere...
Samsung printer drivers open up the system Posted Jul 18, 2007 15:34 UTC (Wed) by drag (subscriber, #31333) [Link] This is the sort of thing I had to deal with when I was an admin assistant for a few hundred OS X machines a few years ago.
Every time you'd install some sort of big-name application you'd have to go and run a permissions repair on OS X because of the widespread changes those apps would do on a system.
Don't ask me why, or what exactly. A permissions repair was just one of those little Apple voodoo things that you had to do periodically to keep the machines from crashing or doing bad things.
(Plus HFS+ sucks badly, but that's an entirely different story.)
This, and my Windows experience, shows that this sort of behavior and attitude is normal for consumer-grade closed source software. Sure for 'Enterprise' applications those companies know that customers are generally savvy enough to complain when they behave badly with the system, but for consumer-grade stuff I think it's normal just to not give a F***.
If changing permissions around to setuid root would be a handy way to avoid a certain class of support issues, I am sure they would happily do it.
Samsung printer drivers open up the system Posted Jul 18, 2007 16:31 UTC (Wed) by cortana (subscriber, #24596) [Link] Yikes! How do you know that the installer didn't alter the function of the 'permission repair' utility so that its amended permissions weren't applied? :)
Samsung printer drivers open up the system Posted Jul 19, 2007 12:02 UTC (Thu) by drag (subscriber, #31333) [Link] Because if it did that then the permission repair app wouldn't spit warnings at me saying that it had to change a bunch of permissions. :-)
If anybody reading this has OS X and would like to try out the permission repair tool, be sure to never use the tool on the installation cdrom.
The correct way to go about repairing FS problems with OS X is to boot up using the OS X disk and running disk check and repair stuff from that. Then once that is done boot up and then run the permission repair from the utility folder. The reason for this is that Apple likes to change file permissions around for different updates so the permissions that the install cdrom thinks the FS should have is almost always wrong in one way or another. :-)
I got used to doing that.
Apparently people don't understand that they have to run 'shutdown' on the computer FIRST, then hit the power strip. If they go for the power strip first then the shutdown stuff didn't work. Some people seemed to have difficulty grasping that concept.
Timely warning - I was about to buy a Samsung printer Posted Jul 18, 2007 16:07 UTC (Wed) by sjj (guest, #2020) [Link] Just in case anybody from Samsung is reading: I bought a Xerox printer instead. Life is way too short for this kind of hassle.
Timely warning - I was about to buy a Samsung printer Posted Jul 18, 2007 16:33 UTC (Wed) by cortana (subscriber, #24596) [Link] Careful, several Xerox printers are merely rebadged Samsungs, like the piece of crap that is the Xerox Phaser 6100N that I have to deal with at work... :(
Timely warning - I was about to buy a Samsung printer Posted Jul 18, 2007 20:35 UTC (Wed) by sjj (guest, #2020) [Link] That is true for many HP models as well. Just like James Fallows' recent Atlantic article mentioned three "competing" laptop brands coming off a single assembly line in China. Xerox 6120/N is Postscript 3, yay for standards.
Samsung printer drivers open up the system Posted Jul 18, 2007 16:24 UTC (Wed) by rgmoore (subscriber, #75) [Link] I think that this is an example of a real and serious class of security problems. Too many developers fail to consider security when they design their software, so it turns out not to work when they move to an environment that has a more restrictive, or simply different, security environment from their development system. Instead of stepping back and changing their software to work with the more restrictive permissions, they change the permissions to match their initial assumptions. My experience with Windows is that the tendency to run everything as Administrator is primarily a way of avoiding permissions problems, and now it seems that developers who are used to that solution are moving to Linux as well.
Samsung printer drivers open up the system Posted Jul 18, 2007 17:48 UTC (Wed) by Ed_L. (guest, #24287) [Link] Yeah, but we should be glad that Windows developers *are* moving, or at least trying to support, Linux as well. The solution, I think, is by way of tactful but FIRM education. We'd really like to have these guys, just not at all costs. Certainly not at the cost of security, which is one of Linux/Solaris/*BSD's biggest draws over Windows. If any Windows developers are reading this, I did have one Windows-only app that I really really liked: BeigeBag Spice. But I stopped using it, AND stopped paying for version upgrades, after a minor-release maintenance "upgrade" suddenly forced me to start running the program as Administrator. Just no excuse for that. None whatsoever.
Samsung printer drivers open up the system Posted Jul 19, 2007 5:36 UTC (Thu) by jhs (subscriber, #12429) [Link] Agreed. World domination is achieved now that we have inherited the world's Windows developers. Certainly, greener pastures must lie ahead.
repackaged SCX-4100 driver Posted Jul 19, 2007 6:11 UTC (Thu) by gvy (guest, #11981) [Link] v1.x for Samsung SCX-4100 was rather insane too (breaking system Qt as well) -- that's on driver CD. Reportedly 2.x is better but I've settled with repackaged/sanitized 1.x RPM found here:
http://hathawaymix.org/Weblog/2005-07-15
If anyone has contacts inside Samsung and (even more important to me now) Canon software/driver development, please drop a note to shigorin gmail com -- last time I've tried to submit patches for cndrvcups-1.10, that failed miserably (not fixed in 1.20, had to re-patch and finally gave up with rebuilding packages for our purposes -- using provided binary builds 1.30--1.50).
Samsung printer drivers open up the system Posted Jul 19, 2007 7:26 UTC (Thu) by MKallas (guest, #38539) [Link] This is the reason why only hardware with free software drivers should be used. The former linuxprinting.org lists some models as suggested printers, but the database also contains entries with proprietary drivers (like Lexmark...) so you always need to double-check.
Samsung printer drivers open up the system Posted Jul 19, 2007 17:51 UTC (Thu) by gtaylor6 (subscriber, #19812) [Link] "This is the reason why only hardware with free software drivers should be used." Indeed! "The former linuxprinting.org [...] also contains entries with proprietary drivers" It had better not, or I'll be mighty upset. What non-free drivers are listed? The foomatic project does not exist to provide support for non-free drivers; such drivers--even when they run--are a disservice to users. If there has been some change in this policy by the current foomatic/lp.org maintainers, that would be a big problem. But I'm sure it's just a mistake.
Samsung printer drivers open up the system Posted Jul 19, 2007 19:11 UTC (Thu) by MKallas (guest, #38539) [Link] To put it right: It was user-edited and non-verified data that I encountered. The case I met was Lexmark. I moved it (z600 series) to "paperweight".
Samsung printer drivers open up the system Posted Jul 20, 2007 5:08 UTC (Fri) by gtaylor6 (subscriber, #19812) [Link] Ah, yes, all is well then; the z600 is indeed a "paperweight" in foomatic terms. It's fine for foomatic to include negative free software data like that, just so there's no foomatic entry for the *driver*. FWIW, the end-user Lexmark driver binary may be borderline obsolete, but Lexmark does also distribute more or less the same thing in link kit form as part of a DDK for Linux. I have actually used this kit to prepare a non-free driver for a client's Lexmark-based print-a-majig. The libraries and sample app will compile and link just fine on modern Linux. That said, it's not worth the trouble to try and make up an end-user driver from the ddk. The result would be non-free, binary, and unsupportable; all just to drive a disposable printer.
Samsung printer drivers open up the system Posted Jul 19, 2007 17:03 UTC (Thu) by vmole (subscriber, #111) [Link] [Steve crosses Samsung off of list of acceptable vendors].
Samsung printer drivers open up the system Posted Jul 20, 2007 9:13 UTC (Fri) by nix (subscriber, #2304) [Link] Some of their printers are extremely cheap (I got a mono laser for fifty quid) and are perfectly well supported by e.g. pxlmono (as long as you don't mind 600dpi output).
It's just that they don't grok the free software world yet. Duh, they're a Far Eastern hardware company, none of them grok the free software world at all. At least Samsung know Linux exists (even if they seem a bit clueless about what it is).
Samsung printer drivers open up the system Posted Jul 20, 2007 3:04 UTC (Fri) by dkite (guest, #4577) [Link] I really don't understand why they don't use the existing distribution mechanisms in Linux. All they need to do is publish the necessary information, and someone will take it and include it.
I used a Samsung laser printer for a while. Nice, cheap to run. Drivers
Derek
Samsung printer drivers open up the system Posted Jul 20, 2007 5:56 UTC (Fri) by gtaylor6 (subscriber, #19812) [Link] Because those are actual user requirements, and one can hardly market a product that only does just what the user asked for. Where would be the marketing in that? ;) Seriously, these vendor driver kits stem from well-intentioned projects which invariably acquire a difficult mix of checklist and product differentiation requirements derived from the corresponding Windows driver. The canonical example is an interactive user job submission dialog with the printer vendor logo and picture of the printer showing input and output trays, where the staples will go, etc. A lot of it is actually quite reasonable user experience stuff. Unfortunately, the Linux printing infrastructure was designed without printer vendor input (arguably without user input either ;) so it provides a rather poor set of tools for implementing anything even remotely flexible, interactive, flashy, or branded. So the kits all include bizarre klunky pointy-clicky client apps, admin tools, etc; most of which have to do horrible broken things to "get around" the features of the platform. So, it's a bit self-defeating -- the vendors aren't overly keen to distribute an essentially unbranded driver with no differentiating interface features, and the distributors won't touch the resulting non-free crazy broken driver+interface kits with a ten foot pole. In practice, then, the vendors are forced to play distributor, with predictably poor results. I'm actually amazed that they still bother. Both Samsung and Lexmark (see other thread above) have been providing inarguably klunky binary Linux drivers for many devices for roughly a decade. Somehow they must be getting data that suggests these things are a success.
Samsung printer drivers open up the system Posted Jul 20, 2007 14:16 UTC (Fri) by tzafrir (subscriber, #11501) [Link] I wouldn't use those drivers unless I really really must. And yes, this sets me to buy HP. I really can't understand what good feedback they get. I see so much bad feedback about those drivers and how they don't work.
Drivers in Linux should come with the distribution. There are a host of ways to get your logo on your print dialog without building a complete set of printing software yourself.
Copyright © 2007, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds