[sane-devel] Forward: saned problems with xinetd

Henning Meier-Geinitz henning@meier-geinitz.de
Thu, 19 Sep 2002 23:46:59 +0200


On Thu, Sep 19, 2002 at 10:21:38AM +0100, Martyn Ranyard wrote:
> On Thursday 19 September 2002 00:15, Robert Kleemann wrote:
> > I've been banging my head on this all afternoon so it's time to seek
> > help.
> >
> > Summary: saned runs fine as a standalone server (saned -d128) but
> > fails when run from xinetd.
> I had a very similar problem when I forgot to create the sane user and group. 
>  according to the installation notes, these are saned and saned, but it never 
> mentioned creating them.

There is at least a hint in the saned manpage: "Note that both
examples assume that there is a saned group and a saned user.". Any
proposals to make that line more clear?

> I believe I fixed it by setting the id in inetd to root root.  This may be a 
> security hole, but we have a good firewall, and if anyone gets past it, them 
> being able to use the scanner is the least of our problems.

The reason for saned not beeing root is that a possible bug in saned
or any backend would be more severe in this case. E.g. a backend
that accidently allows to read any file could transmit /etc/shadow if
run as root.