Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)

From: Peter Hackenberg (phackenberg@aip.de)
Date: Thu Feb 24 2000 - 01:25:29 PST

    On Wed, 23 Feb 2000, Oliver Rauch wrote:

    > Peter Hackenberg wrote:
    >
    > > >
    > > > > BTW, as root I can't find the xsane binaries once built and installed...
    > > > > I will learn how to modify the path. :-)
    > > >
    > > > Do not run xsane as root!
    > > >
    > >
    > > Be careful with this, because the SCSI devices are assigned to
    > > /dev/sg* at boot time. If some of your SCSI devices are switched off
    > > at boot time, your scanner device file (e.g. /dev/sg2) may then
    > > be pointing to your hard disk.
    > >
    >
    > I think about adding a "root" test to xsane so that xsane exits when
    > started as root.

    That's too restrictive. Sometimes you just want to test as root
    whether something works or not. Print some (annoying) warning
    message instead.

    Not running xsane with uid root will only avoid some security
    problems. But it cannot restrict xsane (or xscanimage or ...) from
    accidentally accessing a sensitive device.

    Given that under "regular" conditions, i.e. all scsi devices are switched
    on at boot time,

    crw-rw---- root disk /dev/sg2 # scanner
    crw-rw---- root disk /dev/sg3 # some sensitive device

    and you reboot with the scanner switched off, then /dev/sg2 points
    to the sensitive device. That is the reason why

    crw-rw-rw- root disk /dev/sg2

    should be avoided. But then xsane must be setgid disk

    -rwxr-sr-x root disk xsane

    if you don't want to run xsane as root (which you also should not do).

    The "obvious" solution to give the "sensitive device" a lower scsi number
    than the scanner is not feasible if that device must have a higher
    priority. It also fails if you dynamically load/delete scsi devices.

    I do suggest eliminating the /dev/scanner symlink business totally,
    because it is not unlikely that it points to the wrong device.

    Peter

    



    This archive was generated by hypermail 2b29 : Thu Feb 24 2000 - 02:02:03 PST
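
The risk described in this message is that a /dev/sg* node gets used by number without confirming what it currently points to. As an added example (not from the thread or the SANE sources), this shell sketch checks the SCSI peripheral type the kernel reports for an sg node, and the node's mode, before a scan tool is pointed at it. It assumes a Linux system with sysfs, which is newer than this thread; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not SANE code. Pass /sys and /dev on a live system; the
# roots are parameters so the checks can run against a constructed tree.

# SCSI peripheral device type recorded by the kernel for sgN (6 = scanner).
sg_type() {            # usage: sg_type SYSFS_ROOT sgN
    cat "$1/class/scsi_generic/$2/device/type" 2>/dev/null
}

# Succeed only if sgN is currently a scanner, whatever number it had before.
sg_is_scanner() {      # usage: sg_is_scanner SYSFS_ROOT sgN
    [ "$(sg_type "$1" "$2")" = "6" ]
}

# Succeed if the node is writable by "other" (the crw-rw-rw- case).
sg_world_writable() {  # usage: sg_world_writable DEV_DIR sgN
    [ -n "$(find "$1/$2" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Print one verdict line; return 1 = not a scanner, 2 = scanner but exposed.
sg_audit() {           # usage: sg_audit SYSFS_ROOT DEV_DIR sgN
    if ! sg_is_scanner "$1" "$3"; then
        ty=$(sg_type "$1" "$3")
        echo "REFUSE $3: peripheral type ${ty:-unknown}, not a scanner"
        return 1
    fi
    if sg_world_writable "$2" "$3"; then
        echo "WARN $3: scanner, but node is world-writable"
        return 2
    fi
    echo "OK $3: scanner, node not world-writable"
}

# Constructed sample tree (regular files stand in for device nodes): booted
# with the scanner off, so sg2 is now a disk (type 0) with the scanner's mode.
demo_tree() {          # prints the path of the temporary tree
    d=$(mktemp -d) || return 1
    for n in sg2:0:666 sg3:6:660 sg4:6:666; do
        name=${n%%:*}; rest=${n#*:}
        mkdir -p "$d/sys/class/scsi_generic/$name/device" "$d/dev"
        echo "${rest%%:*}" > "$d/sys/class/scsi_generic/$name/device/type"
        : > "$d/dev/$name" && chmod "${rest#*:}" "$d/dev/$name"
    done
    echo "$d"
}

t=$(demo_tree) && for s in sg2 sg3 sg4; do sg_audit "$t/sys" "$t/dev" "$s" || :; done
rm -rf "$t"
```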