


Re: sg (scsi) device permissions not effective

From Robert Nichols <SEE_SIGNATURE@localhost.localdomain.invalid>
Newsgroups comp.os.linux.security
Subject Re: sg (scsi) device permissions not effective
Date 2012-08-11 12:14 -0500
Organization Exiguous
Message-ID <k063st$bs4$1@omega-3a.local>
References <k052g4$lkg$1@dont-email.me>



On 08/11/2012 02:44 AM, Mike Scott wrote:
> I've a pair of scanners on my system, connected to a scsi interface.
> Owing to an error in the udev rules, I've had the ownership of the sg
> interfaces set to root, group root, with permissions 0660:
>
> mike@spock:~$ ls -l /dev/sg2
> crw-rw----+ 1 root root 21, 2 Aug 11 08:42 /dev/sg2
>
> My understanding is that this ought to stop 'others' from accessing the
> device. Yet I've been happily running sane:
> mike@spock:~$ scanimage -depson2:/dev/sg2>/dev/null
> mike@spock:~$
>
>
> On investigation, it appears that it's possible for a non-root user to
> do an open() on these sg devices: the code fragment
>
> char *dev = "/dev/sg2";
> int q = open(dev, O_RDWR);
> printf(" open return = %d\n", q);
>
> returns a good file descriptor.

What access permissions does "getfacl /dev/sg2" report?

-- 
Bob Nichols         AT comcast.net I am "RNichols42"
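
The `+` after the mode string in the quoted `ls -l` output indicates that the node carries an ACL in addition to the mode bits, which is what `getfacl` displays. As an added example (not part of the original post), the Python below parses getfacl-style text and applies the POSIX ACL check order from acl(5); the sample ACL and its `user:mike` entry are constructed for illustration and are not output from the poster's system.

```python
# Constructed sample of `getfacl /dev/sg2` output (not taken from the thread):
# the mode bits say root:root 0660, but a named-user entry also grants "mike" rw.
SAMPLE_GETFACL = """\
# file: dev/sg2
# owner: root
# group: root
user::rw-
user:mike:rw-
group::rw-
mask::rw-
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, [(tag, qualifier, perms), ...])."""
    meta, entries = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            key, _, value = line.lstrip("# ").partition(":")
            meta[key.strip()] = value.strip()
        elif line and not line.startswith("default:"):
            # Drop the trailing "#effective:..." note getfacl may append.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            entries.append((tag, qualifier, set(perms) - {"-"}))
    return meta.get("owner"), meta.get("group"), entries

def may_access(text, user, groups, want):
    """Apply the POSIX ACL check order (acl(5)) for a non-root process."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    def find(tag, q=""):
        return [p for t, qual, p in entries if t == tag and qual == q]
    mask = (find("mask") or [set("rwx")])[0]   # no mask entry: nothing is masked
    if user == owner:                          # 1. owner: user:: entry, unmasked
        return want <= find("user")[0]
    named = find("user", user)
    if named:                                  # 2. named user: entry AND mask
        return want <= (named[0] & mask)
    group_perms = [p for t, q, p in entries if t == "group"
                   and (q or owning_group) in groups]
    if group_perms:                            # 3. a matching group entry AND mask
        return any(want <= (p & mask) for p in group_perms)
    return want <= find("other")[0]            # 4. everyone else
```

On a live system, feed the function the text printed by `getfacl /dev/sg2` together with the account's name and group list from `id`.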
