On Wed, 23 Feb 2000, Oliver Rauch wrote:
> Peter Hackenberg wrote:
>
> > >
> > > > BTW, as root I can't find the xsane binaries once built and installed...
> > > > I will learn how to modify the path. :-)
> > >
> > > Do not run xsane as root!
> > >
> >
> > Be careful with this, because the SCSI devices are assigned to
> > /dev/sg* at boot time. If some of your SCSI devices are switched off
> > at boot time, your scanner device file (e.g. /dev/sg2) may then
> > be pointing to your hard disk.
> >
>
> I think about adding a "root" test to xsane so that xsane exits when
> started as root.

That's too restrictive. Sometimes you just want to test as root
whether something works or not. Print some (annoying) warning
message instead.

Not running xsane with uid root will only avoid some security
problems. But it cannot restrict xsane (or xscanimage or ...) from
accidentally accessing a sensitive device.

Given that under "regular" conditions, i.e. all scsi devices are switched
on at boot time,

    crw-rw---- root disk /dev/sg2 # scanner
    crw-rw---- root disk /dev/sg3 # some sensitive device

and you reboot with the scanner switched off, then /dev/sg2 points
to the sensitive device. That is the reason why

    crw-rw-rw- root disk /dev/sg2

should be avoided. But then xsane must be setgid disk

    -rwxr-sr-x root disk xsane

if you don't want to run xsane as root (which you also should not do).

The "obvious" solution to give the "sensitive device" a lower scsi number
than the scanner is not feasible if that device must have a higher
priority. It also fails if you dynamically load/delete scsi devices.

I do suggest eliminating the /dev/scanner symlink business totally,
because it is not unlikely that it points to the wrong device.

Peter
This archive was generated by hypermail 2b29 : Thu Feb 24 2000 - 02:02:03 PST
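
Added example (not part of the original message, and not xsane or SANE code): one way to guard against the /dev/sg* renumbering described above is to check the SCSI INQUIRY data of the node before using it, alongside a root warning that does not exit. The function names and the sample INQUIRY buffers are constructed for illustration; accepting the processor type is an assumption, made because some scanners report it.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* SCSI peripheral device type: low 5 bits of byte 0 of standard INQUIRY data. */
#define SCSI_TYPE_DISK      0x00   /* direct-access device, e.g. a hard disk */
#define SCSI_TYPE_PROCESSOR 0x03   /* assumption: accepted, some scanners report it */
#define SCSI_TYPE_SCANNER   0x06

/* Constructed sample INQUIRY data (not captured from real hardware). */
static const unsigned char SAMPLE_SCANNER[36] = { 0x06, 0x00, 0x02, 0x02, 0x1f };
static const unsigned char SAMPLE_DISK[36]    = { 0x00, 0x00, 0x02, 0x02, 0x1f };
static const unsigned char SAMPLE_ABSENT[36]  = { 0x7f, 0x00, 0x02, 0x02, 0x1f };

/* Return 1 only if the INQUIRY data describes a connected scanner-like device. */
int inquiry_is_scanner(const unsigned char *inq, size_t len)
{
    unsigned type;
    if (inq == NULL || len < 36)      /* standard INQUIRY data is at least 36 bytes */
        return 0;
    if ((inq[0] >> 5) != 0)           /* peripheral qualifier: no device connected */
        return 0;
    type = inq[0] & 0x1f;
    return type == SCSI_TYPE_SCANNER || type == SCSI_TYPE_PROCESSOR;
}

/* Warn, but do not exit, when the effective uid is root. Returns 1 if warned. */
int warn_if_root(uid_t euid)
{
    if (euid != 0)
        return 0;
    fprintf(stderr, "WARNING: running as root; a wrong /dev/sg* node can be written to.\n");
    return 1;
}

int main(void)
{
    warn_if_root(geteuid());
    printf("scanner sample accepted: %d\n", inquiry_is_scanner(SAMPLE_SCANNER, sizeof SAMPLE_SCANNER));
    printf("disk sample accepted:    %d\n", inquiry_is_scanner(SAMPLE_DISK, sizeof SAMPLE_DISK));
    printf("absent sample accepted:  %d\n", inquiry_is_scanner(SAMPLE_ABSENT, sizeof SAMPLE_ABSENT));
    return 0;
}
```

The check only decides on INQUIRY data already read from the device; how that data is obtained from the sg node is outside this example.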