From nobody@FreeBSD.org  Sat Feb 23 01:08:20 2002
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id AE54037B400
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 23 Feb 2002 01:08:19 -0800 (PST)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.6/8.11.6) id g1N98JB35850;
	Sat, 23 Feb 2002 01:08:19 -0800 (PST)
	(envelope-from nobody)
Message-Id: <200202230908.g1N98JB35850@freefall.freebsd.org>
Date: Sat, 23 Feb 2002 01:08:19 -0800 (PST)
From: "George W. Dinolt" <gdinolt@pacbell.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: World access to /dev/pass? (for scanner) requires access to /dev/xpt?
X-Send-Pr-Version: www-1.0

>Number:         35234
>Category:       kern
>Synopsis:       World access to /dev/pass? (for scanner) requires access to /dev/xpt?
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-scsi
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb 23 01:10:01 PST 2002
>Closed-Date:    Tue Apr 09 19:58:32 UTC 2013
>Last-Modified:  Tue Apr 09 19:58:32 UTC 2013
>Originator:     George W. Dinolt
>Release:        FreeBSD 5.0 Current
>Organization:
>Environment:
FreeBSD dinolt2.bingdrive.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: 
Fri Feb 15 11:18:12 PST 2002     
root@dinolt2.bingdrive.org:/usr/obj/usr/src/sys/DS-50  i386     
>Description:
I have a scanner on my SCSI chain. It currently is visible on /dev/pass2.
In FreeBSD 4.4 (and previous), I only had to change permissions on
/dev/pass2 to 666 to allow anyone to access the scanner. On a very recent
5.0 Current build, I also have to change the permissions on /dev/xpt0
to 666 in order to enable a user other than "root" access to the
scanner. I am using sane and xsane as my scanner tools. I think this
introduces a security vulnerability, since /dev/xpt0 is now world
readable/writeable.
   
>How-To-Repeat:
Put a scanner on the SCSI chain. Determine the pass device node associated
with the scanner. Change the permissions on that pass device node to
666. Note that the scanning software will fail with a "no device available"
message. Change permissions on /dev/xpt0 to 666. Note that the scanner
is now accessible.
>Fix:
      
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-scsi 
Responsible-Changed-By: arved 
Responsible-Changed-When: Mon Aug 30 21:54:00 GMT 2004 
Responsible-Changed-Why:  
Over to freebsd-scsi, maybe this has already been fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=35234 
State-Changed-From-To: open->closed 
State-Changed-By: sbruno 
State-Changed-When: Tue Apr 9 19:53:40 UTC 2013 
State-Changed-Why:  
This is addressed in the user's guide.   

http://www.freebsd.org/doc/en/books/handbook/scanners.html 


>Unformatted:
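
A check for the condition this report describes, as an added example that is not part of the original report or of FreeBSD: it lists xpt and pass device nodes whose mode grants read or write to all users, such as the 666 setting above. The function name, the HIGH/REVIEW labels, the return codes and the directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit CAM device nodes for access granted to "other".
# Usage (after sourcing this file):  audit_cam_nodes /dev

# audit_cam_nodes DIR
#   Prints one line per DIR/xpt<N> or DIR/pass<N> node whose mode has the
#   "other" read or write bit set.
#   Returns 1 if any xpt node is flagged, 2 if only pass nodes are flagged,
#   0 if nothing is flagged.
audit_cam_nodes() {
    dir=${1:-/dev}
    rc=0
    for node in "$dir"/xpt[0-9]* "$dir"/pass[0-9]*; do
        # An unmatched glob stays literal; skip it.
        [ -e "$node" ] || continue
        # find prints the path only if the "other" read (004) or
        # write (002) bit is set; -prune keeps it from descending.
        hit=$(find "$node" -prune \( -perm -004 -o -perm -002 \))
        [ -n "$hit" ] || continue
        case ${node##*/} in
            xpt*)
                echo "HIGH   $node is accessible to all users"
                rc=1
                ;;
            pass*)
                echo "REVIEW $node is accessible to all users"
                if [ "$rc" -eq 0 ]; then rc=2; fi
                ;;
        esac
    done
    return "$rc"
}
```
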
