Following an issue on xp-pen-tablet, also maintained by @labaman, the install script introduces a privilege escalation vulnerability by giving every user write privileges on .so files:
chmod +0755 $DesktopDir/$appDesktopName
chmod +0644 $AppIconDir/$appIconName
chmod +0755 $appDir/$AppName
chmod +0755 $appDir/$exeShell
chmod +0666 $appDir/resource.rcc
chmod +0666 $confPath/config.xml
chmod +0666 $confPath/language.ini
chmod +0666 $confPath/name_config.ini
chmod +0666 $libPath/libicudata.so.56
chmod +0666 $libPath/libicui18n.so.56
chmod +0666 $libPath/libicuuc.so.56
chmod +0666 $libPath/libQt5Core.so.5
chmod +0666 $libPath/libQt5DBus.so.5
chmod +0666 $libPath/libQt5Gui.so.5
chmod +0666 $libPath/libQt5Network.so.5
chmod +0666 $libPath/libQt5Widgets.so.5
chmod +0666 $libPath/libQt5X11Extras.so.5
chmod +0666 $libPath/libQt5XcbQpa.so.5
chmod +0666 $libPath/libQt5Xml.so.5
chmod +0666 $platPath/libqxcb.so
This means that any user can change the code of these libraries to introduce malicious code, and if another (hopefully more privileged) user starts the xp-pen driver, that malicious code will be executed with their privileges.
I can think of no reason for these files to be writable by anyone and in light of the security vulnerability it introduces, the install script should be modified.
In the meantime users should change the permissions of all writable files in /usr/lib/pentablet/, in particular in lib/ and platforms/ which contain .so files.
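An added example (not part of the package, the install script or the comment above) of the interim fix the comment recommends: list everything under the driver directory that group or other can write to, then drop those write bits. Only `/usr/lib/pentablet/`, `lib/` and `platforms/` come from the comment; the sample tree is constructed, and `conf/` and `pentablet.sh` are assumed names.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under the driver directory.
# Run against the real install as root: sh audit.sh /usr/lib/pentablet

# Files and directories under $1 that group or other may write to. A writable
# directory is as bad as a writable .so: its entries can be replaced outright.
# Symlinks are not matched by -type f/-type d, so chmod never follows one.
list_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print
}

# Entries not owned by $2 (default root). Dropping go-w does not help if an
# unprivileged account owns the file, since the owner can chmod it back.
list_not_owned_by() {
    find "$1" ! -user "${2:-root}" -print
}

# Remove group/other write bits, leaving read and execute bits untouched
# (0666 becomes 0644, 0755 stays 0755).
harden() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) \
        -exec chmod go-w {} +
}

# Constructed sample tree mirroring the modes set by the install script.
# conf/ and pentablet.sh are assumed names. Call as $(make_sample_tree) so the
# umask change stays inside the subshell.
make_sample_tree() {
    umask 022
    d=$(mktemp -d) || return 1
    mkdir "$d/lib" "$d/platforms" "$d/conf"
    for f in lib/libQt5Core.so.5 platforms/libqxcb.so conf/config.xml; do
        : > "$d/$f" && chmod 0666 "$d/$f"
    done
    : > "$d/pentablet.sh" && chmod 0755 "$d/pentablet.sh"
    echo "$d"
}

# With a directory argument: report only; call harden after reviewing the list.
if [ "$#" -eq 1 ]; then
    list_writable "$1"
    list_not_owned_by "$1"
fi
```

Whether the driver can still save its settings once its configuration files are no longer world-writable is not stated in the thread; check that after hardening.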
@touhidulshawan I've been having the same problem, looking to find a fix myself, but no one seems to really have a fix, as I've been combing the internet myself for one
Title: XP-Pen driver freezes tablet input on Xorg (works only when driver is closed)
Description: Recently I have been facing a problem: my XP-Pen Deco Fun XS tablet stopped working properly. When this driver is running, the tablet freezes and doesn't respond, and the cursor does not move with the pen. But when I close or kill the driver, the tablet starts working again.
Is anyone facing this problem? I tried both drivers, this and that for newer models. I am facing the problem on both Xorg and Wayland. If anyone has faced this problem, can you tell me how you fixed the issue? It would be very helpful for me.
@sanbikappa, I apologize for the long response. Suggestions were accepted, I guess I'll apply them to the “current” version of the drivers as well. Thanks again!
Thanks @sanbikappa
Wish I'd have read your comment, the systemd, xdg, and udev additions are extremely useful. For anyone else here's a minimal patch:
From c7e9bdb5a1864202832609e4a8cc6f61e0d05479 Mon Sep 17 00:00:00 2001
From: Self Denial <root@localhost>
Date: Tue, 29 Oct 2024 11:47:03 -0600
Subject: [PATCH] Update to 3.4.9 build 240607
---
PKGBUILD | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/PKGBUILD b/PKGBUILD
index 2aa461e..3d2ae1d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -2,17 +2,17 @@
pkgname=xppenlinux-v3
pkgver=3.4.9
-pkgrel=231023
+pkgrel=240607
epoch=0
pkgdesc="XP-Pen (Official) Linux utility for legacy XPPen Tablets"
arch=('x86_64')
url='https://www.xp-pen.com/download/index.html'
license=('custom')
conflicts=('xp-pen-tablet')
-source=("XPPenLinux${pkgver}-${pkgrel}.tar.gz::https://www.xp-pen.com/download/file/id/1936/pid/1016/ext/gz.html")
+source=("XPPenLinux${pkgver}-${pkgrel}.tar.gz::https://www.xp-pen.com/download/file/id/2901/pid/68/ext/gz.html")
install=${pkgname}.install
-sha512sums=('3732abdb444ae6ee0ff585b8fadb750761f194936054c392a3cf0e93f59468acedff79e864f6e751aac2b398e0ba6d951b55048ffe11bcb68c5b690062adf441')
+sha512sums=('40598c05d5ada0bd7a874b943e7819d6ffd0ef79d77e7433f814cfdc885846cc49276e1162e082bfe03f76b17f095323abfb8d5108f444cd30a685a0e0826ca4')
package() {
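Review bot: pkgrel is being used for the upstream build stamp (pkgrel=240607) and is interpolated into the source filename through ${pkgrel}; in a PKGBUILD pkgrel is the packaging release counter, so the build stamp is better carried in pkgver or in a separate variable (for example a hypothetical _build=240607), with pkgrel reset to 1. The source URL also moves to a different opaque download id (id/2901/pid/68) in the same change that replaces sha512sums, so the new digest only pins whatever that URL served when the patch was made; the commit message should say how the tarball was obtained and checked.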
--
2.47.0
FYI.
1. update to 3.4.9-240607;
2. using systemd user service instead of xdg autostart;
3. using udev uaccess for device permission;
PKGBUILD
xppenlinux-v3.install
This driver version is for legacy XP-PEN graphics tablets (such as Star V2, Deco Mini7, etc.), for newer models use this package.