Samsung fixes its printer drivers [LWN.net]

One week ago we reported that Samsung's printer driver installation script compromised the security of the systems it was run on by turning a few small applications (like OpenOffice.org) into setuid root executables. We have just heard from Samsung that this problem has been fixed. A quick look at the new installer confirms that the calls making those applications setuid have been commented out, though the structure to do that work remains in place.

(Log in to post comments)

It's more than just sloppy security

Posted Jul 26, 2007 21:56 UTC (Thu) by pr1268 (subscriber, #24648) [Link]

Samsung did the right thing by patching their software, but this incident only highlights the possibility that many proprietary software vendors who ship software for Linux in addition to other operating systems/platforms may have a naïve attitude whilst keeping an overriding motivation to just "make the software work."

If Samsung had researched how to properly configure their print driver software to work without having to resort to using chmod 4711 then they wouldn't be in this mess after all.

This is exactly the kind of juicy story posted on Digg or Slashdot¹ that could give the public the wrong perception about Linux on the desktop.²

I admire Samsung's commitment to providing printers that work with a variety of operating systems, but they've got a minor PR faux pas on their hands. Kudos to the French Linux user who discovered and to LWN for reporting this.

¹ I haven't bothered looking for this on either site, but this story strikes me as prime fodder for either.

² I realize this isn't a Linux problem, but instead a Samsung print driver problem. But, some people apply associative thinking a little too liberally... I shudder to even imagine how Samsung's drivers function within the confines of Windows Vista's User Account Protection!