sane-project-website/old-archive/1999-11/0209.html

<!-- received="Sun Nov 21 18:38:47 1999 PST" -->
<!-- sent="Sun, 21 Nov 1999 21:39:57 -0500" -->
<!-- name="Douglas Gilbert" -->
<!-- email="dgilbert@interlog.com" -->
<!-- subject="Re: GIMP/SANE PERMISSIONS" -->
<!-- id="" -->
<!-- inreplyto="GIMP/SANE PERMISSIONS" -->
<title>sane-devel: Re: GIMP/SANE PERMISSIONS</title>
<h1>Re: GIMP/SANE PERMISSIONS</h1>
<b>Douglas Gilbert</b> (<a href="mailto:dgilbert@interlog.com"><i>dgilbert@interlog.com</i></a>)<br>
<i>Sun, 21 Nov 1999 21:39:57 -0500</i>
<p>
<ul>
<li> <b>Messages sorted by:</b> <a href="date.html#209">[ date ]</a><a href="index.html#209">[ thread ]</a><a href="subject.html#209">[ subject ]</a><a href="author.html#209">[ author ]</a>
<!-- next="start" -->
<li> <b>Next message:</b> <a href="0210.html">Rob Komar: "Re: GIMP/SANE PERMISSIONS"</a>
<li> <b>Previous message:</b> <a href="0208.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
<li> <b>Maybe in reply to:</b> <a href="0131.html">David McCormick: "GIMP/SANE PERMISSIONS"</a>
<!-- nextthread="start" -->
<li> <b>Next in thread:</b> <a href="0211.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
<!-- reply="end" -->
</ul>
<!-- body="start" -->
Bob van der Poel wrote:<br>
<i>&gt; </i><br>
<i>&gt; Douglas Gilbert wrote:</i><br>
<i>&gt; &gt;</i><br>
<i>&gt; &gt; Oliver Rauch wrote:</i><br>
<i>&gt; &gt; &gt;</i><br>
<i>&gt; &gt; &gt; Bob van der Poel wrote:</i><br>
<i>&gt; &gt; &gt;</i><br>
<i>&gt; &gt; &gt; &gt; What I did was to make xsane SUID. This leaves it's own problems....</i><br>
<i>&gt; &gt; &gt;</i><br>
<i>&gt; &gt; &gt; Hi Bob,</i><br>
<i>&gt; &gt; &gt;</i><br>
<i>&gt; &gt; &gt; I don`t think this is much better.</i><br>
<i>&gt; &gt; &gt;</i><br>
<i>&gt; &gt; &gt; I suggest to create a goup "sane" or "scanner" and</i><br>
<i>&gt; &gt; &gt; make the relevant /dev/sg? device that group and mode 660</i><br>
<i>&gt; &gt;</i><br>
<i>&gt; &gt; I'm working on an additional interface to the Linux sg</i><br>
<i>&gt; &gt; driver which allows 2 ways to talk to the SCSI device:</i><br>
<i>&gt; &gt;   1) write() request then read() response [existing method]</i><br>
<i>&gt; &gt;   2) an ioctl() call SG_IO that has a similar effect</i><br>
<i>&gt; &gt;</i><br>
<i>&gt; &gt; Now 2) is new (for Linux) and will make for simpler interface</i><br>
<i>&gt; &gt; code and allow for more flexible sg device permissions.</i><br>
<i>&gt; &gt; [ Method 1) is staying for backward compatibility, polling,</i><br>
<i>&gt; &gt; aynchronous notification and multi-threaded work.]</i><br>
<i>&gt; &gt;</i><br>
<i>&gt; &gt; Now the sg device driver can do nothing about write</i><br>
<i>&gt; &gt; permissions being needed for method 1) because it involves</i><br>
<i>&gt; &gt; a write() system call. Method 2) doesn't have this restriction</i><br>
<i>&gt; &gt; but some care is needed. It is probably not a good idea to</i><br>
<i>&gt; &gt; let a user with only read permissions to a SCSI disk send</i><br>
<i>&gt; &gt; a WRITE or a FORMAT command to it. The logic for the</i><br>
<i>&gt; &gt; SG_IO ioctl() at the moment looks at the SCSI device type</i><br>
<i>&gt; &gt; (e.g. scanner, disk etc) and the SCSI coomand code. In the</i><br>
<i>&gt; &gt; case of a scanner it lets all SCSI commands through. Is this</i><br>
<i>&gt; &gt; a good idea or should some SCSI commands to a scanner be</i><br>
<i>&gt; &gt; restricted if a user does not have write permissions?</i><br>
<i>&gt; &gt;</i><br>
<i>&gt; &gt; Doug Gilbert</i><br>
<i>&gt; </i><br>
<i>&gt; I'm not an expert on permissions, etc. But... what you are doing sounds</i><br>
<i>&gt; dangerous to me. I'd just leave the thing alone and let the user worry</i><br>
<i>&gt; about one of many ways to access the device with read/write:</i><br>
<i>&gt; </i><br>
<i>&gt;         SUID Root</i><br>
<i>&gt;         Run as root</i><br>
<i>&gt;         change the permissions on /dev/sg?</i><br>
<i>&gt;         set a group, sane, with read/write permissions</i><br>
<i>&gt; </i><br>
<i>&gt; I guess the advantage to running though ioctl() is that the user doesn't</i><br>
<i>&gt; need to worry about setting permissions. But, in this case wouldn't ALL</i><br>
<i>&gt; users get permission to use the scanner? Or even, not USE it, but write</i><br>
<i>&gt; to it (which might be even more dangerous?).</i><br>
<p>
Redhat 6.0 defaults "600" permissions on sg devices. Therefore<br>
without read permissions, normal users cannot open sg devices. <br>
One of the first questions I asked to a Linux newsgroup was <br>
why a logical read operation such as scanning a document needed<br>
write permissions. From memory the answer was something like<br>
that that is just the way things are. Should it be?<br>
<p>
Doug Gilbert<br>
<p>
<pre>
--
Source code, list archive, and docs: <a href="http://www.mostang.com/sane/">http://www.mostang.com/sane/</a>
To unsubscribe: echo unsubscribe sane-devel | mail <a href="mailto:majordomo@mostang.com">majordomo@mostang.com</a>
</pre>
<!-- body="end" -->
<p>
<ul>
<!-- next="start" -->
<li> <b>Next message:</b> <a href="0210.html">Rob Komar: "Re: GIMP/SANE PERMISSIONS"</a>
<li> <b>Previous message:</b> <a href="0208.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
<li> <b>Maybe in reply to:</b> <a href="0131.html">David McCormick: "GIMP/SANE PERMISSIONS"</a>
<!-- nextthread="start" -->
<li> <b>Next in thread:</b> <a href="0211.html">Bob van der Poel: "Re: GIMP/SANE PERMISSIONS"</a>
<!-- reply="end" -->
</ul>