Package: sane-utils Version: 1.0.19-15 Severity: important The Debian-specific patch to saned(8) that implements the -a command line option does not work properly when setting the process group ID. There are two problems with it:
1. It does a seteuid(2) before setegid(2), so the setegid(2) will fail with EPERM. It should do the setegid(2) while it still has root privileges. 2. It does not set the supplemental group IDs. By default, saned would run as saned:saned, but needs group "scanner" permissions to open USB devices. The patch should use getgrouplist(3) followed by setgroups(2) to set the supplemental group list. Finally, the result of system calls should be checked and appropriate error paths taken. Had this been done, this bug would not have made it past release. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.25.11-orthanc-1 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages sane-utils depends on: ii adduser 3.108 add and remove users and groups ii debconf [debconf-2.0] 1.5.23 Debian configuration management sy ii libavahi-client3 0.6.23-2 Avahi client library ii libavahi-common3 0.6.23-2 Avahi common library ii libc6 2.7-13 GNU C Library: Shared libraries ii libieee1284-3 0.2.11-5 cross-platform library for paralle ii libsane 1.0.19-15 API library for scanners ii libusb-0.1-4 2:0.1.12-12 userspace USB programming library ii update-inetd 4.30 inetd configuration file updater Versions of packages sane-utils recommends: ii avahi-daemon 0.6.23-2 Avahi mDNS/DNS-SD daemon Versions of packages sane-utils suggests: pn unpaper <none> (no description available) -- debconf information: sane-utils/saned_run: true sane-utils/saned_scanner_group: true -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
