From owner-freebsd-bugs Sat Feb 23 01:10:07 2002
Message-Id: <200202230908.g1N98JB35850@freefall.freebsd.org>
Date: Sat, 23 Feb 2002 01:08:19 -0800 (PST)
From: "George W. Dinolt"
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/35234: World access to /dev/pass? (for scanner) requires access to /dev/xpt?
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number: 35234
>Category: kern
>Synopsis: World access to /dev/pass? (for scanner) requires access to /dev/xpt?
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Feb 23 01:10:01 PST 2002
>Closed-Date:
>Last-Modified:
>Originator: George W. Dinolt
>Release: FreeBSD 5.0 Current
>Organization:
>Environment:
FreeBSD dinolt2.bingdrive.org 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Fri Feb 15 11:18:12 PST 2002 root@dinolt2.bingdrive.org:/usr/obj/usr/src/sys/DS-50 i386
>Description:
I have a scanner on my scsi chain. It currently is visible on /dev/pass2.
In FreeBSD 4.4 (and previous), I only had to change permissions on /dev/pass2 to 666 to allow anyone to access the scanner. On a very recent 5.0 Current build, I also have to change the permissions on /dev/xpt0 to 666 in order to allow a user other than "root" to access the scanner. I am using sane and xsane as my scanner tools. I think this introduces a security vulnerability, since /dev/xpt0 is now world readable/writeable.
>How-To-Repeat:
Put a scanner on the scsi chain.
Determine the pass device node associated with the scanner.
Change the permissions on that pass device node to 666.
Note that the scanning software will fail with a no device available message.
Change permissions on /dev/xpt0 to 666.
Note that the scanner is now accessible.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
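
Added example, not part of the original report: a small POSIX sh audit that lists xpt* and pass* device nodes whose permissions grant access to "other" users, which is the state the chmod 666 steps above leave /dev/xpt0 and /dev/pass2 in. The function names audit_cam_nodes and cam_nodes_ok are hypothetical, and the directory argument is an assumption added so the check can be run against a constructed tree instead of /dev.

```shell
#!/bin/sh
# Added example (not from the report): flag CAM device nodes (xpt*, pass*)
# that are readable or writable by "other", e.g. after chmod 666.

# Print one line per exposed node: "<WRITE|READ> <mode string> <path>".
# WRITE means the o+w bit is set; READ means only o+r is set.
audit_cam_nodes() {
    devdir=${1:-/dev}
    for node in "$devdir"/xpt* "$devdir"/pass*; do
        [ -e "$node" ] || continue      # an unmatched glob stays literal
        # ls -ldL is used rather than stat(1), whose flags differ between
        # BSD and GNU; -L reports the target of a symlink, not the link.
        mode=$(ls -ldL "$node" | cut -c1-10)
        # Characters 8-9 of the mode string are the "other" r and w bits.
        other=$(printf '%s' "$mode" | cut -c8-9)
        case $other in
            ?w) echo "WRITE $mode $node" ;;
            r-) echo "READ $mode $node" ;;
        esac
    done
}

# Return 1 if any xpt*/pass* node under the directory is world-writable.
cam_nodes_ok() {
    if audit_cam_nodes "$1" | grep -q '^WRITE '; then
        return 1
    fi
    return 0
}

# Stand-alone use: audit the directory given as $1, or /dev by default.
audit_cam_nodes "${1:-/dev}"
```

Nodes other than xpt* and pass* are deliberately ignored, so the output covers only the two device classes the report is about.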