Security

Major Security Hole In Samsung Linux Drivers 295

GerbilSoft writes with news of a major security hole in Samsung's proprietary Linux printer drivers. From the Ubuntu Forums: "Just to inform you about a recent post on the French Ubuntu forum about Samsung drivers (sorry, in French). [Google translation here.] It appears that Samsung unified drivers change rights on some parts of the system: After installing the drivers, applications may launch using root rights, without asking any password. What is more, you may be able to kill your system, by deleting system components, generally modifiable only by using sudo." GerbilSoft adds: "Among the programs that it sets as setuid-root are OpenOffice, xsane, and xscanimage."
Software

Submission + - Samsung Linux printer driver sets OO as root

An anonymous reader writes: The April 2007 Samsung Linux printer drivers "update" many applications, including OpenOffice.org, to open with root permissions. http://linuxfr.org/comments/850495,1.html shows the installation script, and the whole story is at http://linuxfr.org/forums/15/22562.html

Originally found on digg at http://digg.com/linux_unix/Samsung_Linux_printer_driver_modifies_the_permissions_of_many_executables 1 by apterium — http://digg.com/users/apterium
Security

Secretly Monopolizing the CPU Without Being Root 250

An anonymous reader writes "This year's Usenix security symposium includes a paper that implements a "cheat" utility, which allows any non-privileged user to run his/her program, e.g., like so 'cheat 99% program' thereby ensuring that the programs would get 99% of the CPU cycles, regardless of the presence of any other applications in the system, and in some cases (like Linux), in a way that keeps the program invisible from CPU monitoring tools (like 'top'). The utility exclusively uses standard interfaces and can be trivially implemented by any beginner non-privileged programmer. Recent efforts to improve the support for multimedia applications make systems more susceptible to the attack. All prevalent operating systems but Mac OS X are vulnerable, though by this kerneltrap story, it appears that the new CFS Linux scheduler attempts to address the problems that were raised by the paper."
Handhelds

Submission + - DVD Jon releases iPhone hack

An anonymous reader writes: Engadget has a story up on DVD-Jon releasing a hack which lets you activate an iPhone without going through AT&T.

A little hex editing of iTunes, a little hostfile hacking, a little program called Phone Activation Server v1.0, and you're on your way to an AT&T service free iPhone, friend. That's right, Jon, knock that toxic AT&T-tied iPod-coffee out of Steve's hand. Ok, so apparently the phone still doesn't work (we wonder if there isn't some kind of mechanism that binds the iPhone to select AT&T SIMs), so it's not like it's an unlocked device, but at least you can now use it as "the best iPod [Apple's] ever made."
Security

Submission + - DVD Jon Activates IPhone Without AT&T

igothandle writes: From DVD Jon's Blog: I've found a way to activate a brand new unactivated iPhone without giving any of your money or personal information to AT&T NSA.
Portables (Apple)

Submission + - DVD Jon Unlocks the iPhone

i_like_spam writes: Jon Lech Johansen, aka DVD Jon, has struck again. On his blog, he claims to have activated an iPhone without initiating a contract with AT&T. The activated phone cannot be used for calls through AT&T's network, but all other functionalities are open (iPod, WiFi, etc). He's even created a package to activate your iPhone too!
