Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 23 Feb 2002 01:08:19 -0800 (PST)
From:      "George W. Dinolt" <gdinolt@pacbell.net>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   kern/35234: World access to /dev/pass? (for scanner) requires access to /dev/xpt?
Message-ID:  <200202230908.g1N98JB35850@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         35234
>Category:       kern
>Synopsis:       World access to /dev/pass? (for scanner) requires access to /dev/xpt?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 23 01:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator:     George W. Dinolt
>Release:        FreeBSD 5.0 Current
>Organization:
>Environment:
FreeBSD dinolt2.bingdrive.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: 
Fri Feb 15 11:18:12 PST 2002     
root@dinolt2.bingdrive.org:/usr/obj/usr/src/sys/DS-50  i386     
>Description:
I have a scanner on my scsi chain. It currently is visible on /dev/pass2.
In FreeBSD 4.4 (and previous), I only had to change permissions on
/dev/pass2 to 666 to allow anyone to access the scanner. On a very recent
5.0 Current build, I also have to change the permissions on /dev/xpt0
to 666 in order to enable a user other than "root"  access to the
scanner. I am using sane and xsane as my scanner tools. I think this 
intoduces a security vulnerability, since /dev/xpt0 is now world 
readable/writeable. 
   
>How-To-Repeat:
Put a scanner on the scsi chain. Determine the pass device node associated
with the scanner.  Change the permissions on that pass device node to 
666. Note that the scanning software will fail with a no device available
message. Change permissions on /dev/xpt0 to 666. Note that the scanner
is now accessible. 
>Fix:
      
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202230908.g1N98JB35850>