Quantcast

Security concern about sane_control_option()

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Security concern about sane_control_option()

秀荣 郑
Hi,

I'm a new commer for SANE & XSane. Here are some
security questions when studying API
sane_control_option().
I would appreciate if anyone can give help.

Is there any possibility sane_control_option() allows
you to get or set any control that would allow one
user to affect another user. For example:

- User A logs in, sets a control that disables the
scanner.
User A logs out and user B logs in. He can't access
the
scanner, and does not know why. This is a
Denial-Of-Service.

- User A logs in, uses the scanner, logs out. User B
logs in, and uses a control to access information
about what user
A scanned - perhaps even the image files from a
buffer.

Aside from sane_control_option(), are there any other
exposed interfaces that would allow one user to affect
another user if they have full access to the device
via SANE API?

Thanks,
-Simon


               
___________________________________________________________
雅虎免费邮箱-3.5G容量,20M附件
http://cn.mail.yahoo.com/

--
sane-standard mailing list: [hidden email]
http://lists.alioth.debian.org/mailman/listinfo/sane-standard
Unsubscribe: Send mail with subject "unsubscribe your_password"
             to  [hidden email]
Loading...