Re: GIMP/SANE PERMISSIONS

Douglas Gilbert (dgilbert@interlog.com)
Sun, 21 Nov 1999 21:39:57 -0500

Bob van der Poel wrote:
>
> Douglas Gilbert wrote:
> >
> > Oliver Rauch wrote:
> > >
> > > Bob van der Poel wrote:
> > >
> > > > What I did was to make xsane SUID. This leaves its own problems....
> > >
> > > Hi Bob,
> > >
> > > I don't think this is much better.
> > >
> > > I suggest to create a group "sane" or "scanner" and
> > > make the relevant /dev/sg? device that group and mode 660
> >
> > I'm working on an additional interface to the Linux sg
> > driver which allows 2 ways to talk to the SCSI device:
> > 1) write() request then read() response [existing method]
> > 2) an ioctl() call SG_IO that has a similar effect
> >
> > Now 2) is new (for Linux) and will make for simpler interface
> > code and allow for more flexible sg device permissions.
> > [ Method 1) is staying for backward compatibility, polling,
> > asynchronous notification and multi-threaded work.]
> >
> > Now the sg device driver can do nothing about write
> > permissions being needed for method 1) because it involves
> > a write() system call. Method 2) doesn't have this restriction
> > but some care is needed. It is probably not a good idea to
> > let a user with only read permissions to a SCSI disk send
> > a WRITE or a FORMAT command to it. The logic for the
> > SG_IO ioctl() at the moment looks at the SCSI device type
> > (e.g. scanner, disk etc) and the SCSI command code. In the
> > case of a scanner it lets all SCSI commands through. Is this
> > a good idea or should some SCSI commands to a scanner be
> > restricted if a user does not have write permissions?
> >
> > Doug Gilbert
>
> I'm not an expert on permissions, etc. But... what you are doing sounds
> dangerous to me. I'd just leave the thing alone and let the user worry
> about one of many ways to access the device with read/write:
>
> SUID Root
> Run as root
> change the permissions on /dev/sg?
> set a group, sane, with read/write permissions
>
> I guess the advantage to running through ioctl() is that the user doesn't
> need to worry about setting permissions. But, in this case wouldn't ALL
> users get permission to use the scanner? Or even, not USE it, but write
> to it (which might be even more dangerous?).

Redhat 6.0 defaults "600" permissions on sg devices. Therefore
without read permissions, normal users cannot open sg devices.
One of the first questions I asked to a Linux newsgroup was
why a logical read operation such as scanning a document needed
write permissions. From memory the answer was something like
that that is just the way things are. Should it be?

Doug Gilbert
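
An added illustration of the check discussed in this thread, not part of the original message and not the sg driver's code: a permission filter keyed on SCSI device type and command code. The function name `sg_cmd_permitted`, the disk allow-list and the default-deny for other device types are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SCSI peripheral device types, as reported by INQUIRY. */
enum { TYPE_DISK = 0x00, TYPE_SCANNER = 0x06 };

/* First CDB byte. Meaning depends on device type: 0x2a is WRITE(10)
 * on a disk but SEND(10) on a scanner, so both must be examined. */
enum {
    TEST_UNIT_READY = 0x00, REQUEST_SENSE = 0x03, FORMAT_UNIT = 0x04,
    READ_6 = 0x08, WRITE_6 = 0x0a, INQUIRY = 0x12, MODE_SELECT_6 = 0x15,
    MODE_SENSE_6 = 0x1a, SET_WINDOW = 0x24, READ_CAPACITY = 0x25,
    READ_10 = 0x28, WRITE_10 = 0x2a
};

/* Assumed allow-list: commands that do not change a disk's data or settings. */
static const uint8_t disk_read_safe[] = {
    TEST_UNIT_READY, REQUEST_SENSE, READ_6, INQUIRY,
    MODE_SENSE_6, READ_CAPACITY, READ_10
};

/* Hypothetical helper: may this CDB be sent, given how the node was opened? */
bool sg_cmd_permitted(int dev_type, bool opened_for_write,
                      const uint8_t *cdb, unsigned cdb_len)
{
    if (cdb == NULL || cdb_len == 0)
        return false;            /* malformed request */
    if (opened_for_write)
        return true;             /* write access already granted by file mode */
    if (dev_type == TYPE_SCANNER)
        return true;             /* behaviour described in the message */
    if (dev_type != TYPE_DISK)
        return false;            /* assumption: default deny for other types */
    for (unsigned i = 0; i < sizeof disk_read_safe; i++)
        if (cdb[0] == disk_read_safe[i])
            return true;
    return false;                /* WRITE, FORMAT UNIT, MODE SELECT, unknown */
}

int main(void)
{
    /* Constructed sample CDBs; bytes after the opcode are zero. */
    const uint8_t rd[10] = { READ_10 }, wr[10] = { WRITE_10 };
    printf("disk    ro READ(10):  %d\n", sg_cmd_permitted(TYPE_DISK, false, rd, 10));
    printf("disk    ro WRITE(10): %d\n", sg_cmd_permitted(TYPE_DISK, false, wr, 10));
    printf("scanner ro SEND(10):  %d\n", sg_cmd_permitted(TYPE_SCANNER, false, wr, 10));
    return 0;
}
```

Using an allow-list for the read-only case means an opcode the filter does not know about is refused rather than passed to the disk.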
