[sane-devel] Forward: saned problems with xinetd
Henning Meier-Geinitz
henning@meier-geinitz.de
Thu, 19 Sep 2002 23:46:59 +0200
Hi,
On Thu, Sep 19, 2002 at 10:21:38AM +0100, Martyn Ranyard wrote:
> On Thursday 19 September 2002 00:15, Robert Kleemann wrote:
> > I've been banging my head on this all afternoon so it's time to seek
> > help.
> >
> > Summary: saned runs fine as a standalone server (saned -d128) but
> > fails when run from xinetd.
>
> I had a very similar problem when I forgot to create the sane user and group.
> according to the installation notes, these are saned and saned, but it never
> mentioned creating them.
There is at least a hint in the saned manpage: "Note that both
examples assume that there is a saned group and a saned user.". Any
proposals to make that line more clear?
> I believe I fixed it by setting the id in inetd to root root. This may be a
> security hole, but we have a good firewall, and if anyone gets past it, them
> being able to use the scanner is the least of our problems.
The reason for saned not beeing root is that a possible bug in saned
or any backend would be more severe in this case. E.g. a backend
that accidently allows to read any file could transmit /etc/shadow if
run as root.
Bye,
Henning