kopia lustrzana https://gitlab.com/sane-project/backends
doc/saned: Improve security warnings
The current warnings do not explain to the administrator what risks may actually be involved by exposing saned to the network, so that they can take the appropriate measures. Currently the administrator is advised to restrict incoming connections to saned (using tcpwrappers and/or firewall rules). This might not have been the typical posture when this was written. More importantly, these actions are not meant to protect against a loss of confidentiality, and the administrator should not be led to believe this is the case. Suggest the use of a secure tunnel between each client and saned, which can be achieved without modifying the software.666-epsonds-has-issues-with-saned
David Ward
rodzic
db009d158e
commit
db25c1e7eb
14
PROBLEMS
14
PROBLEMS
|
|
@ -1,5 +1,3 @@
|
|||
Last update: 2006-01-05
|
||||
|
||||
- Avoiding damage on flatbed scanners
|
||||
|
||||
Most flatbed scanners have no protection against exceeding the physical scan
|
||||
|
|
@ -15,8 +13,10 @@ Last update: 2006-01-05
|
|||
|
||||
- Security problems with saned (SANE network scanning daemon)
|
||||
|
||||
saned is not intended to be exposed to the internet or other non-trusted
|
||||
networks. Make sure that access is limited by tcpwrappers and/or a firewall
|
||||
setup. Don't depend only on saned's own authentication. Don't run saned
|
||||
as root if it's not necessary. And do not install saned as setuid root.
|
||||
Read man saned(8) for details.
|
||||
saned does not provide confidentiality when communicating with clients.
|
||||
If saned is exposed directly on the network, other users may be able to
|
||||
intercept scanned images, or learn passwords for connecting to saned,
|
||||
with little effort. Client systems should connect to saned through a
|
||||
secure tunnel to the server instead.
|
||||
|
||||
saned is not a trusted program and should not run with root privileges.
|
||||
|
|
|
|||
|
|
@ -119,20 +119,6 @@ debug output to stderr instead of the syslog default.
|
|||
displays a short help message.
|
||||
|
||||
.SH CONFIGURATION
|
||||
First and foremost:
|
||||
.B saned
|
||||
is not intended to be exposed to the internet or other non-trusted
|
||||
networks. Make sure that access is limited by tcpwrappers and/or a firewall
|
||||
setup. Don't depend only on
|
||||
.BR saned 's
|
||||
own authentication. Don't run
|
||||
.B saned
|
||||
as root if it's not necessary. And do
|
||||
.B not
|
||||
install
|
||||
.B saned
|
||||
as setuid root.
|
||||
.PP
|
||||
The
|
||||
.I saned.conf
|
||||
configuration file contains both options for the daemon and the access
|
||||
|
|
@ -234,6 +220,21 @@ and
|
|||
being searched (in this order).
|
||||
|
||||
.SH NOTES
|
||||
.B saned
|
||||
does
|
||||
.I not
|
||||
provide confidentiality when communicating with clients. If
|
||||
.B saned
|
||||
is exposed directly on the network, other users may be able to intercept
|
||||
scanned images, or learn passwords for connecting to
|
||||
.BR saned ,
|
||||
with little effort. Client systems should connect to
|
||||
.B saned
|
||||
through a secure tunnel to the server instead.
|
||||
.PP
|
||||
.B saned
|
||||
is not a trusted program and should not run with root privileges.
|
||||
.PP
|
||||
Refer to
|
||||
.I @DOCDIR@/saned/saned.install.md
|
||||
for details on configuring
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue