[sane-standard] Security concern about sane_control_option()
=?gb2312?q?=D0=E3=C8=D9=20=D6=A3?=
zxrnzheng at yahoo.com.cn
Thu Feb 8 16:40:05 CET 2007
Hi,
I'm a new commer for SANE & XSane. Here are some
security questions when studying API
sane_control_option().
I would appreciate if anyone can give help.
Is there any possibility sane_control_option() allows
you to get or set any control that would allow one
user to affect another user. For example:
- User A logs in, sets a control that disables the
scanner.
User A logs out and user B logs in. He can't access
the
scanner, and does not know why. This is a
Denial-Of-Service.
- User A logs in, uses the scanner, logs out. User B
logs in, and uses a control to access information
about what user
A scanned - perhaps even the image files from a
buffer.
Aside from sane_control_option(), are there any other
exposed interfaces that would allow one user to affect
another user if they have full access to the device
via SANE API?
Thanks,
-Simon
___________________________________________________________
ÑÅ»¢Ãâ·ÑÓÊÏä-3.5GÈÝÁ¿£¬20M¸½¼þ
http://cn.mail.yahoo.com/
More information about the sane-standard
mailing list