kopia lustrzana https://gitlab.com/sane-project/website
156 wiersze
6.3 KiB
HTML
156 wiersze
6.3 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
|
|
"http://www.w3.org/TR/REC-html40/loose.dtd">
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>sane-devel: Permissions of /dev/sg* and xsane, xscanimage (was</TITLE>
|
|
<META NAME="Author" CONTENT="Peter Hackenberg (phackenberg@aip.de)">
|
|
<META NAME="Subject" CONTENT="Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)">
|
|
</HEAD>
|
|
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
|
|
<H1>Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)</H1>
|
|
<!-- received="Thu Feb 24 01:58:56 2000" -->
|
|
<!-- isoreceived="20000224095856" -->
|
|
<!-- sent="Thu, 24 Feb 2000 10:25:29 +0100 (MET)" -->
|
|
<!-- isosent="20000224092529" -->
|
|
<!-- name="Peter Hackenberg" -->
|
|
<!-- email="phackenberg@aip.de" -->
|
|
<!-- subject="Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)" -->
|
|
<!-- id="Pine.HPP.3.96.1000224084709.10986A-100000@osra2.aip.de" -->
|
|
<!-- inreplyto="38B40C8B.A7007AF@wolfsburg.de" -->
|
|
<STRONG>From:</STRONG> Peter Hackenberg (<A HREF="mailto:phackenberg@aip.de?Subject=Re:%20Permissions%20of%20/dev/sg*%20and%20xsane,%20xscanimage%20(was%20Re:%20Report%20on%20,%20last%20CVS%20snapshot)&In-Reply-To=<Pine.HPP.3.96.1000224084709.10986A-100000@osra2.aip.de>"><EM>phackenberg@aip.de</EM></A>)<BR>
|
|
<STRONG>Date:</STRONG> Thu Feb 24 2000 - 01:25:29 PST
|
|
<P>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0324.html">Bart Szyszka: "Re: Getting scanner listed as a device"</A>
|
|
<UL>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0322.html">Dave Hill: "Re: RPM build file"</A>
|
|
<LI><STRONG>In reply to:</STRONG> <A HREF="0310.html">Oliver Rauch: "Re: Report on last CVS snapshot"</A>
|
|
<!-- nextthread="start" -->
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0325.html">Joe Smith: "Re: Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)"</A>
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0319.html">Petter Reinholdtsen: "Re: Report on last CVS snapshot"</A>
|
|
<LI><STRONG>Reply:</STRONG> <A HREF="0325.html">Joe Smith: "Re: Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)"</A>
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#323">[ date ]</A>
|
|
<A HREF="index.html#323">[ thread ]</A>
|
|
<A HREF="subject.html#323">[ subject ]</A>
|
|
<A HREF="author.html#323">[ author ]</A>
|
|
</UL>
|
|
<HR NOSHADE><P>
|
|
<!-- body="start" -->
|
|
<P>
|
|
On Wed, 23 Feb 2000, Oliver Rauch wrote:
|
|
<BR>
|
|
<P><EM>> Peter Hackenberg wrote:
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> > >
|
|
</EM><BR>
|
|
<EM>> > > > BTW, as root I can't find the xsane binaries once built and installed...
|
|
</EM><BR>
|
|
<EM>> > > > I will learn how to modify the path. :-)
|
|
</EM><BR>
|
|
<EM>> > >
|
|
</EM><BR>
|
|
<EM>> > > Do not run xsane as root!
|
|
</EM><BR>
|
|
<EM>> > >
|
|
</EM><BR>
|
|
<EM>> >
|
|
</EM><BR>
|
|
<EM>> > Be careful with this, because the SCSI devices are assigned to
|
|
</EM><BR>
|
|
<EM>> > /dev/sg* at boot time. If some of your SCSI devices are switched off
|
|
</EM><BR>
|
|
<EM>> > at boot time, your scanner device file (e.g. /dev/sg2) may then
|
|
</EM><BR>
|
|
<EM>> > be pointing to your hard disk.
|
|
</EM><BR>
|
|
<EM>> >
|
|
</EM><BR>
|
|
<EM>>
|
|
</EM><BR>
|
|
<EM>> I think about adding a "root" test to xsane so that xsane exits when
|
|
</EM><BR>
|
|
<EM>> started as root.
|
|
</EM><BR>
|
|
<P>That's too restrictive. Sometimes you just want to test as root
|
|
<BR>
|
|
whether something works or not. Print some (annoying) warning
|
|
<BR>
|
|
message instead.
|
|
<BR>
|
|
<P><P>Not running xsane with uid root will only avoid some security
|
|
<BR>
|
|
problems. But it cannot restrict xsane (or xscanimage or ...) from
|
|
<BR>
|
|
accidently accessing a sensitive device.
|
|
<BR>
|
|
<P>Given that under "regular" conditions, i.e. all scsi devices are switched
|
|
<BR>
|
|
on at boot time,
|
|
<BR>
|
|
<P>crw-rw---- root disk /dev/sg2 # scanner
|
|
<BR>
|
|
crw-rw---- root disk /dev/sg3 # some sensitive device
|
|
<BR>
|
|
<P>and you reboot with the scanner switched off, then /dev/sg2 points
|
|
<BR>
|
|
to the sensitive device. That is the reason why
|
|
<BR>
|
|
<P>crw-rw-rw- root disk /dev/sg2
|
|
<BR>
|
|
<P>should be avoided. But then xsane must be setgid disk
|
|
<BR>
|
|
<P>-rwxr-sr-x root disk xsane
|
|
<BR>
|
|
<P>if you don't want to run xsane as root (what you also should not do).
|
|
<BR>
|
|
<P>The "obvious" solution to give the "sensitive device" a lower scsi number
|
|
<BR>
|
|
than the scanner is not feasible if that device must have a higher
|
|
<BR>
|
|
priority. It also fails if you dynamically load/delete scsi devices.
|
|
<BR>
|
|
<P>I do suggest to eliminate the /dev/scanner symlink business totally,
|
|
<BR>
|
|
because it is not unlikely that it points to the wrong device.
|
|
<BR>
|
|
<P>Peter
|
|
<BR>
|
|
<P><P><PRE>
|
|
--
|
|
Source code, list archive, and docs: <A HREF="http://www.mostang.com/sane/">http://www.mostang.com/sane/</A>
|
|
To unsubscribe: echo unsubscribe sane-devel | mail <A HREF="mailto:majordomo@mostang.com?Subject=Re:%20Permissions%20of%20/dev/sg*%20and%20xsane,%20xscanimage%20(was%20Re:%20Report%20on%20,%20last%20CVS%20snapshot)&In-Reply-To=<Pine.HPP.3.96.1000224084709.10986A-100000@osra2.aip.de>">majordomo@mostang.com</A>
|
|
</PRE>
|
|
<P><!-- body="end" -->
|
|
<HR NOSHADE>
|
|
<UL>
|
|
<!-- next="start" -->
|
|
<LI><STRONG>Next message:</STRONG> <A HREF="0324.html">Bart Szyszka: "Re: Getting scanner listed as a device"</A>
|
|
<LI><STRONG>Previous message:</STRONG> <A HREF="0322.html">Dave Hill: "Re: RPM build file"</A>
|
|
<LI><STRONG>In reply to:</STRONG> <A HREF="0310.html">Oliver Rauch: "Re: Report on last CVS snapshot"</A>
|
|
<!-- nextthread="start" -->
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0325.html">Joe Smith: "Re: Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)"</A>
|
|
<LI><STRONG>Next in thread:</STRONG> <A HREF="0319.html">Petter Reinholdtsen: "Re: Report on last CVS snapshot"</A>
|
|
<LI><STRONG>Reply:</STRONG> <A HREF="0325.html">Joe Smith: "Re: Permissions of /dev/sg* and xsane, xscanimage (was Re: Report on , last CVS snapshot)"</A>
|
|
<!-- reply="end" -->
|
|
<LI><STRONG>Messages sorted by:</STRONG>
|
|
<A HREF="date.html#323">[ date ]</A>
|
|
<A HREF="index.html#323">[ thread ]</A>
|
|
<A HREF="subject.html#323">[ subject ]</A>
|
|
<A HREF="author.html#323">[ author ]</A>
|
|
</UL>
|
|
<!-- trailer="footer" -->
|
|
<HR NOSHADE>
|
|
<P>
|
|
<SMALL>
|
|
<EM>
|
|
This archive was generated by <A HREF="http://www.hypermail.org/">hypermail 2b29</A>
|
|
: <EM>Thu Feb 24 2000 - 02:02:03 PST</EM>
|
|
</EM>
|
|
</SMALL>
|
|
</BODY>
|
|
</HTML>
|