[sane-devel] Security concern about API sane_control_option()

[m. allan noah]

On 2/8/07, Olaf Meeuwissen <olaf.meeuwissen at avasys.jp> wrote:
> "simon.zheng" <Simon.Zheng at Sun.COM> writes:
>
> > I'm a new commer for SANE & XSane. Here are some
> > security questions when studying API sane_control_option().
> > I would appreciate if anyone can give help.
> >
> > Is there any possibility sane_control_option() allows
> > you to get or set any control that would allow one
> > user to affect another user. For example:
>
> sane_control_option() is there so that frontends can tell the backends
> what the user wants to do.  It's a very abstract interface and exactly
> what options are available is left to the discretion of each backend.
>
> So any security implications are not a result of sane_control_option()
> but of the set of options a particular backend chooses to provide.
>

and perhaps just as important- this consideration changes based on the lifetime
of the running application. since an individual sane backend exits at the same
time as the frontend (it is not a daemon), two users using even the same
frontend on the host will not share memory. this changes of course if you write
a frontend that is long running, like saned...

allan


-- 
"The truth is an offense, but not a sin"