[sane-devel] Security concern about API sane_control_option()
Olaf Meeuwissen
olaf.meeuwissen at avasys.jp
Tue Feb 13 00:53:15 CET 2007
"m. allan noah" <kitno455 at gmail.com> writes:
> On 2/8/07, Olaf Meeuwissen <olaf.meeuwissen at avasys.jp> wrote:
>> "simon.zheng" <Simon.Zheng at Sun.COM> writes:
>>
>> > I'm a new commer for SANE & XSane. Here are some
>> > security questions when studying API sane_control_option().
>> > I would appreciate if anyone can give help.
>> >
>> > Is there any possibility sane_control_option() allows
>> > you to get or set any control that would allow one
>> > user to affect another user. For example:
>>
>> sane_control_option() is there so that frontends can tell the backends
>> what the user wants to do. It's a very abstract interface and exactly
>> what options are available is left to the discretion of each backend.
>>
>> So any security implications are not a result of sane_control_option()
>> but of the set of options a particular backend chooses to provide.
>
> and perhaps just as important- this consideration changes based on the lifetime
> of the running application. since an individual sane backend exits at the same
> time as the frontend (it is not a daemon), two users using even the same
> frontend on the host will not share memory. this changes of course if you write
> a frontend that is long running, like saned...
A frontend could be used to change a hardware setting. Such settings
may remain in effect even after the frontend terminates. If that is
the case then the scenarios Simon originally mentioned become very
real.
Hope this helps,
--
Olaf Meeuwissen EPSON AVASYS Corporation, SE1
FSF Associate Member #1962 sign up at http://member.fsf.org/
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
Penguin's lib! -- I hack, therefore I am -- LPIC-2
More information about the sane-devel
mailing list