From c7366e2d3c94df806e360ffb217c265c45e8de77 Mon Sep 17 00:00:00 2001 From: Henning Geinitz Date: Sun, 22 Apr 2001 20:01:30 +0000 Subject: [PATCH] 2001-04-22 Henning Meier-Geinitz * PROBLEMS: Point to pnm/saned security risks. * TODO: Removed the entries about epson usb mis-detection and check for installed sane versions. * configure configure.in backend/Makefile.in: Added detection of older versions of SANE. The pnm backend is now disabled by default. * backend/dll.c backend/dll.desc: Fixed file descriptor leak (found by Douglas Gilbert). New version: 1.0.2. * backend/net.desc: Added Jochen Eisinger's email address as contact for the net backend. * doc/sane-pnm.man: Point to pnm/saned security risks. --- PROBLEMS | 10 ++++++++++ backend/Makefile.in | 2 +- backend/dll.c | 6 +++++- backend/dll.desc | 2 +- backend/net.desc | 1 + doc/sane-pnm.man | 12 ++++++++++-- 6 files changed, 28 insertions(+), 5 deletions(-) diff --git a/PROBLEMS b/PROBLEMS index d1e8669e2..3210e5536 100644 --- a/PROBLEMS +++ b/PROBLEMS @@ -57,3 +57,13 @@ Last update: Sun Nov 12 16:47:01 CET 2000 cp -a /usr/src/linux/include/scsi /usr/include should fix this problem. + +- Security problems with pnm + If the pnm backend is installed and saned is used to allow users on + remote computers to scan on the local machine, pnm files can be read by + the remote user. This is limited to the files saned can access (usually + it's running as user "sane"). All pnm files can be read if saned runs + as root which isn't recommended anyway. The pnm backend is disabled + by default. If you want to use it, enable it with configure (see + configure --help for details). Be sure that only trusted users can + access the pnm backend over saned. diff --git a/backend/Makefile.in b/backend/Makefile.in index e5d6f833d..fcb08aa60 100644 --- a/backend/Makefile.in +++ b/backend/Makefile.in @@ -54,7 +54,7 @@ COMPILE = $(CC) -c $(CFLAGS) $(DEFS) $(INCLUDES) $(CPPFLAGS) PRELOADABLE_BACKENDS = abaton agfafocus apple artec as6e avision bh canon \ coolscan dc25 @DC210@ @DC240@ dmc epson hp m3096g microtek microtek2 \ - mustek mustek_pp nec @NET@ pie @PINT@ plustek pnm @QCAM@ ricoh s9036 \ + mustek mustek_pp nec @NET@ pie @PINT@ plustek @PNM@ @QCAM@ ricoh s9036 \ sharp snapscan sp15c st400 tamarack umax @V4L@ ALL_BACKENDS = $(PRELOADABLE_BACKENDS) dll diff --git a/backend/dll.c b/backend/dll.c index f2e0e1f3a..25ce373a4 100644 --- a/backend/dll.c +++ b/backend/dll.c @@ -44,7 +44,7 @@ /* Please increase version number with every change (don't forget to update dll.desc) */ -#define DLL_VERSION "1.0.1" +#define DLL_VERSION "1.0.2" #ifdef _AIX # include "lalloca.h" /* MUST come first for AIX! */ @@ -316,6 +316,7 @@ load (struct backend *be) libname, strerror (errno)); return SANE_STATUS_INVAL; } + fclose (fp); DBG(2, "load: dlopen()ing `%s'\n", libname); #ifdef HAVE_DLOPEN @@ -520,6 +521,9 @@ sane_init (SANE_Int * version_code, SANE_Auth_Callback authorize) first_backend = &preloaded_backends[i]; } + /* Return the version number of the sane-backends package to allow + the frontend to print them. This is done only for net and dll, + because these backends are usually called by the frontend. */ if (version_code) *version_code = SANE_VERSION_CODE (SANE_DLL_V_MAJOR, SANE_DLL_V_MINOR, SANE_DLL_V_BUILD); diff --git a/backend/dll.desc b/backend/dll.desc index aab4242a6..b3df05b01 100644 --- a/backend/dll.desc +++ b/backend/dll.desc @@ -1,5 +1,5 @@ :backend "dll" ; name of backend -:version "1.0.1" +:version "1.0.2" :status :beta :manpage "sane-dll" diff --git a/backend/net.desc b/backend/net.desc index 244633bde..99843ac3e 100644 --- a/backend/net.desc +++ b/backend/net.desc @@ -2,6 +2,7 @@ :version "1.0.1" :status :beta :manpage "sane-net" +:url "mailto:jochen.eisinger@gmx.net" :devicetype :meta :desc "Network access to saned servers" diff --git a/doc/sane-pnm.man b/doc/sane-pnm.man index 1a3603fce..e64c42453 100644 --- a/doc/sane-pnm.man +++ b/doc/sane-pnm.man @@ -1,4 +1,4 @@ -.TH sane-pnm 5 "21 April 1997" +.TH sane-pnm 5 "22 April 2001" .IX sane-pnm .SH NAME sane-pnm - SANE PNM image reader pseudo-backend @@ -8,7 +8,7 @@ The library implements a SANE (Scanner Access Now Easy) backend that provides access to PNM (Portable aNyMap files, which covers PBM bitmap files, PGM grayscale files, and PPM pixmap files). The purpose of -this backend is primarly to aide in debugging of SANE frontends. It +this backend is primarly to aid in debugging of SANE frontends. It also serves as an illustrative example of a minimal SANE backend. .SH "DEVICE NAMES" This backend provides two devices called @@ -32,5 +32,13 @@ If the library was compiled with debug support enabled, this environment variable controls the debug level for this backend. E.g., a value of 128 requests all debug output to be printed. Smaller levels reduce verbosity. +.SH BUGS +If the pnm backend is installed and saned is used to allow users on remote +computers to scan on the local machine, pnm files can be read by the remote +user. This is limited to the files saned can access (usually it's running as +user "sane"). All pnm files can be read if saned runs as root which isn't +recommended anyway. The pnm backend is disabled by default. If you want to use +it, enable it with configure (see configure --help for details). Be sure that +only trusted users can access the pnm backend over saned. .SH AUTHOR Andreas Beck, Gordon Matzigkeit, and David Mosberger