Hi, I'm a new commer for SANE & XSane. Here are some security questions when studying API sane_control_option(). I would appreciate if anyone can give help.
Is there any possibility sane_control_option() allows you to get or set any control that would allow one user to affect another user. For example: - User A logs in, sets a control that disables the scanner. User A logs out and user B logs in. He can't access the scanner, and does not know why. This is a Denial-Of-Service. - User A logs in, uses the scanner, logs out. User B logs in, and uses a control to access information about what user A scanned - perhaps even the image files from a buffer. Aside from sane_control_option(), are there any other exposed interfaces that would allow one user to affect another user if they have full access to the device via SANE API? Thanks, -Simon
