Bug 244297 - xsane passes device FD to browser when viewing help
xsane passes device FD to browser when viewing help
Status: CLOSED INSUFFICIENT_DATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xsane (Show other bugs)
5.0
All Linux
low Severity low
: ---
: ---
Assigned To: Nils Philippsen
:
Depends On: 455450
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-14 16:44 EDT by Jay Fenlason
Modified: 2014-08-31 19:28 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-14 10:22:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jay Fenlason 2007-06-14 16:44:19 EDT
Description of problem:
I was using xsane to test my Firewire scanner.  I clicked Help->Xsane doc to 
open a browser on the documentation.  Then xsane crashed.  When I attempted to 
restart it, it said there were no scanners.  I then exited Firefox, and 
restarted xsane.  With firefox exited, xsane found the scanner and started.

Version-Release number of selected component (if applicable):
xsane-0.991-4.el5

How reproducible:
always

Steps to Reproduce:
1.exit any existing browser
2.start xsane
3.click Help->Xsane doc
4.run lsof.  See that firefox has /dev/sg0 open.
  
Actual results:
Firefox has a /dev/sg0 descriptor

Expected results:
Firefox cannot access the scanner device.

Additional info:
This is probably a minor bug, but leaky file descriptors can have bad 
side-effects, including possible security holes.  (Although I can't think of a 
plausible one here.)
Comment 3 Nils Philippsen 2008-07-16 06:04:36 EDT
Jay, can you check out the current Rawhide packages (xsane-0.995-4.fc10) which
should have a patch for that? If you need it, I can rebuild that on F-8/F-9.
Comment 4 Jay Fenlason 2008-07-17 10:21:25 EDT
lsof | egrep sg
rsyslogd  2527      root    7r      REG        0,3         0 4026531848 /proc/kmsg
rpcbind   2569       rpc  mem       REG      253,0     31804     377440
/usr/lib/libgssglue.so.1.0.0
xsane     3795      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
xdg-open  3816      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
run-mozil 3820      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
firefox   3850      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
dbus-laun 3854      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
dbus-daem 3859      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
gconfd-2  3862      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
[root@fenlason-lab1 hack]# rpm -q xsane
xsane-0.995-4.fc10.i386

Looks like it's still broken.
Comment 5 Nils Philippsen 2008-07-18 10:17:24 EDT
Hmm. Xsane has more than one place where it could potentially exec() the
browser. xsane-0.995-5.fc10 is building now which should hopefully catch all of
these. Jay, would you please try that one as well (should be ready in a few
mins)? Thanks.
Comment 6 RHEL Product and Program Management 2009-03-26 12:49:32 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 7 Phil Knirsch 2009-09-14 10:22:53 EDT
Closing this as we haven't received any feedback yet for the latest xsane packages in Fedora.

Please feel free to reopen as soon as you can provide the requested information.

Thanks & regards, Phil

Note You need to log in before you can comment on or make changes to this bug.