[sane-devel] Umask and xsane

Ralph Little littlesincanada at yahoo.co.uk
Tue Aug 27 17:10:49 BST 2019


 On Tuesday, August 27, 2019, 6:21:54 a.m. PDT, Richard Ryniker <ryniker at alum.mit.edu> wrote: 

> When a user changes to the scanner group in order to access the scanner,
> it would be a security fault if his images can be seen by other users in
> the scanner group.  Therefore, when using the scanner, umask should be
> set by default to preclude access by other group members to new image
> files.  If group access is desired, the user should explicitly arrange
> that - by change to the umask value during scanning, or to file
> attributes after scanning.

Yes, I did consider this. Sometimes we scan sensitive images that we would rather others could not see.
However, the umask used for new images is settable in preferences.
This patch changes the hard-coded umask for other artifacts such as rc and preferences.
I suppose this change would prevent a rogue "scanner" group member from changing another member's preferences surreptitiously thus potentially revealing subsequent scan files.

I'm sufficiently convinced to accept the change.


More information about the sane-devel mailing list