Kevin Dalley wrote:
> This problem was reported by a Debian user with xsane-0.49.
>
> With this version of xsane it is possible to let a user overwrite his
> own files. Take for example user A with UID 1000 and user B who wants
> to overwrite a file of A. In this case B creates a symlink
> /tmp/preview-level-0-1000-mustek:_dev_sg1.ppm (1000 is the UID of user
> A, mustek:_dev_sg1.ppm is the specification of the scanner) to some
> file owned by user A, which B wants to be overwritten. If user A uses
> xsane in combination with the preview window the next time, it will
> overwrite the file, where the symlink points to, without asking
> before.
>
Hi Kevin,
I can not imagen how that can happen,
here is the relevant part of the xsane-0.49 source:
remove(filename); /* remove existing preview */
umask(0177); /* creare temporary file with "-rw-------" permissions */
out = fopen(filename, "w");
umask(XSANE_DEFAULT_UMASK); /* define new file permissions */
The temporary file or symlink is deleted before the new one is opend.
I tested it the way you described it and everything works fine here,
the file to which the symlink points keeps untouched!
Please could you check it.
Bye
Oliver
-- Homepage: http://www.wolfsburg.de/~rauch sane-umax: http://www.wolfsburg.de/~rauch/sane/sane-umax.html xsane: http://www.wolfsburg.de/~rauch/sane/sane-xsane.html E-Mail: mailto:Oliver.Rauch@Wolfsburg.DE-- Source code, list archive, and docs: http://www.mostang.com/sane/ To unsubscribe: echo unsubscribe sane-devel | mail majordomo@mostang.com
This archive was generated by hypermail 2b29 : Mon Feb 28 2000 - 08:18:11 PST