The current warnings do not explain to the administrator what risks may
actually be involved by exposing saned to the network, so that they can
take the appropriate measures.
Currently the administrator is advised to restrict incoming connections
to saned (using tcpwrappers and/or firewall rules). This might not have
been the typical posture when this was written. More importantly, these
actions are not meant to protect against a loss of confidentiality, and
the administrator should not be led to believe this is the case.
Suggest the use of a secure tunnel between each client and saned, which
can be achieved without modifying the software.
README.linux. Removed SG_BIG_BUF problem. Rewrote Mustek "exceed the physical
scan area" problem as it applies to most flatbed scanners. Added info about
test backend. Added info about saned security issues.
* PROBLEMS: Point to pnm/saned security risks.
* TODO: Removed the entries about epson usb mis-detection and check
for installed sane versions.
* configure configure.in backend/Makefile.in: Added detection of older
versions of SANE. The pnm backend is now disabled by default.
* backend/dll.c backend/dll.desc: Fixed file descriptor leak (found by
Douglas Gilbert). New version: 1.0.2.
* backend/net.desc: Added Jochen Eisinger's email address as contact
for the net backend.
* doc/sane-pnm.man: Point to pnm/saned security risks.
* doc/sane.tex: Fixed a typo.
* doc/.cvsignore: Added the files produced by make ps.
* README: Removed X-frontends. Point to sane-frontends and website.
Some reformatting.
* TODO: Updated concerning frontends split.
* PROJECTS: Removed entries about frontends (now in
sane-frontends/README)
* PROBLEMS: Removed entries about frontends (now in
sane-frontends/PROBLEMS)
David Ward