kopia lustrzana https://gitlab.com/sane-project/website
104 wiersze
5.3 KiB
HTML
104 wiersze
5.3 KiB
HTML
<!-- received="Sun Nov 21 18:38:47 1999 PST" -->
|
||
<!-- sent="Sun, 21 Nov 1999 21:39:57 -0500" -->
|
||
<!-- name="Douglas Gilbert" -->
|
||
<!-- email="dgilbert@interlog.com" -->
|
||
<!-- subject="Re: GIMP/SANE PERMISSIONS" -->
|
||
<!-- id="" -->
|
||
<!-- inreplyto="GIMP/SANE PERMISSIONS" -->
|
||
<title>sane-devel: Re: GIMP/SANE PERMISSIONS</title>
|
||
<h1>Re: GIMP/SANE PERMISSIONS</h1>
|
||
<b>Douglas Gilbert</b> (<a href="mailto:dgilbert@interlog.com"><i>dgilbert@interlog.com</i></a>)<br>
|
||
<i>Sun, 21 Nov 1999 21:39:57 -0500</i>
|
||
<p>
|
||
<ul>
|
||
<li> <b>Messages sorted by:</b> <a href="date.html#209">[ date ]</a><a href="index.html#209">[ thread ]</a><a href="subject.html#209">[ subject ]</a><a href="author.html#209">[ author ]</a>
|
||
<!-- next="start" -->
|
||
<li> <b>Next message:</b> <a href="0210.html">Rob Komar: "Re: GIMP/SANE PERMISSIONS"</a>
|
||
<li> <b>Previous message:</b> <a href="0208.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
|
||
<li> <b>Maybe in reply to:</b> <a href="0131.html">David McCormick: "GIMP/SANE PERMISSIONS"</a>
|
||
<!-- nextthread="start" -->
|
||
<li> <b>Next in thread:</b> <a href="0211.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
|
||
<!-- reply="end" -->
|
||
</ul>
|
||
<!-- body="start" -->
|
||
Bob van der Poel wrote:<br>
|
||
<i>> </i><br>
|
||
<i>> Douglas Gilbert wrote:</i><br>
|
||
<i>> ></i><br>
|
||
<i>> > Oliver Rauch wrote:</i><br>
|
||
<i>> > ></i><br>
|
||
<i>> > > Bob van der Poel wrote:</i><br>
|
||
<i>> > ></i><br>
|
||
<i>> > > > What I did was to make xsane SUID. This leaves it's own problems....</i><br>
|
||
<i>> > ></i><br>
|
||
<i>> > > Hi Bob,</i><br>
|
||
<i>> > ></i><br>
|
||
<i>> > > I don`t think this is much better.</i><br>
|
||
<i>> > ></i><br>
|
||
<i>> > > I suggest to create a goup "sane" or "scanner" and</i><br>
|
||
<i>> > > make the relevant /dev/sg? device that group and mode 660</i><br>
|
||
<i>> ></i><br>
|
||
<i>> > I'm working on an additional interface to the Linux sg</i><br>
|
||
<i>> > driver which allows 2 ways to talk to the SCSI device:</i><br>
|
||
<i>> > 1) write() request then read() response [existing method]</i><br>
|
||
<i>> > 2) an ioctl() call SG_IO that has a similar effect</i><br>
|
||
<i>> ></i><br>
|
||
<i>> > Now 2) is new (for Linux) and will make for simpler interface</i><br>
|
||
<i>> > code and allow for more flexible sg device permissions.</i><br>
|
||
<i>> > [ Method 1) is staying for backward compatibility, polling,</i><br>
|
||
<i>> > aynchronous notification and multi-threaded work.]</i><br>
|
||
<i>> ></i><br>
|
||
<i>> > Now the sg device driver can do nothing about write</i><br>
|
||
<i>> > permissions being needed for method 1) because it involves</i><br>
|
||
<i>> > a write() system call. Method 2) doesn't have this restriction</i><br>
|
||
<i>> > but some care is needed. It is probably not a good idea to</i><br>
|
||
<i>> > let a user with only read permissions to a SCSI disk send</i><br>
|
||
<i>> > a WRITE or a FORMAT command to it. The logic for the</i><br>
|
||
<i>> > SG_IO ioctl() at the moment looks at the SCSI device type</i><br>
|
||
<i>> > (e.g. scanner, disk etc) and the SCSI coomand code. In the</i><br>
|
||
<i>> > case of a scanner it lets all SCSI commands through. Is this</i><br>
|
||
<i>> > a good idea or should some SCSI commands to a scanner be</i><br>
|
||
<i>> > restricted if a user does not have write permissions?</i><br>
|
||
<i>> ></i><br>
|
||
<i>> > Doug Gilbert</i><br>
|
||
<i>> </i><br>
|
||
<i>> I'm not an expert on permissions, etc. But... what you are doing sounds</i><br>
|
||
<i>> dangerous to me. I'd just leave the thing alone and let the user worry</i><br>
|
||
<i>> about one of many ways to access the device with read/write:</i><br>
|
||
<i>> </i><br>
|
||
<i>> SUID Root</i><br>
|
||
<i>> Run as root</i><br>
|
||
<i>> change the permissions on /dev/sg?</i><br>
|
||
<i>> set a group, sane, with read/write permissions</i><br>
|
||
<i>> </i><br>
|
||
<i>> I guess the advantage to running though ioctl() is that the user doesn't</i><br>
|
||
<i>> need to worry about setting permissions. But, in this case wouldn't ALL</i><br>
|
||
<i>> users get permission to use the scanner? Or even, not USE it, but write</i><br>
|
||
<i>> to it (which might be even more dangerous?).</i><br>
|
||
<p>
|
||
Redhat 6.0 defaults "600" permissions on sg devices. Therefore<br>
|
||
without read permissions, normal users cannot open sg devices. <br>
|
||
One of the first questions I asked to a Linux newsgroup was <br>
|
||
why a logical read operation such as scanning a document needed<br>
|
||
write permissions. From memory the answer was something like<br>
|
||
that that is just the way things are. Should it be?<br>
|
||
<p>
|
||
Doug Gilbert<br>
|
||
<p>
|
||
<pre>
|
||
--
|
||
Source code, list archive, and docs: <a href="http://www.mostang.com/sane/">http://www.mostang.com/sane/</a>
|
||
To unsubscribe: echo unsubscribe sane-devel | mail <a href="mailto:majordomo@mostang.com">majordomo@mostang.com</a>
|
||
</pre>
|
||
<!-- body="end" -->
|
||
<p>
|
||
<ul>
|
||
<!-- next="start" -->
|
||
<li> <b>Next message:</b> <a href="0210.html">Rob Komar: "Re: GIMP/SANE PERMISSIONS"</a>
|
||
<li> <b>Previous message:</b> <a href="0208.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
|
||
<li> <b>Maybe in reply to:</b> <a href="0131.html">David McCormick: "GIMP/SANE PERMISSIONS"</a>
|
||
<!-- nextthread="start" -->
|
||
<li> <b>Next in thread:</b> <a href="0211.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
|
||
<!-- reply="end" -->
|
||
</ul>
|