On 2/8/07, Olaf Meeuwissen <[email protected]> wrote: > "simon.zheng" <[email protected]> writes: > > > I'm a new commer for SANE & XSane. Here are some > > security questions when studying API sane_control_option(). > > I would appreciate if anyone can give help. > > > > Is there any possibility sane_control_option() allows > > you to get or set any control that would allow one > > user to affect another user. For example: > > sane_control_option() is there so that frontends can tell the backends > what the user wants to do. It's a very abstract interface and exactly > what options are available is left to the discretion of each backend. > > So any security implications are not a result of sane_control_option() > but of the set of options a particular backend chooses to provide. >
and perhaps just as important- this consideration changes based on the lifetime of the running application. since an individual sane backend exits at the same time as the frontend (it is not a daemon), two users using even the same frontend on the host will not share memory. this changes of course if you write a frontend that is long running, like saned... allan -- "The truth is an offense, but not a sin"
