Bug 244297 - xsane passes device FD to browser when viewing help
Summary: xsane passes device FD to browser when viewing help
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: xsane   
(Show other bugs)
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Nils Philippsen
QA Contact:
Depends On: 455450
TreeView+ depends on / blocked
Reported: 2007-06-14 20:44 UTC by Jay Fenlason
Modified: 2014-08-31 23:28 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-09-14 14:22:53 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jay Fenlason 2007-06-14 20:44:19 UTC
Description of problem:
I was using xsane to test my Firewire scanner.  I clicked Help->Xsane doc to 
open a browser on the documentation.  Then xsane crashed.  When I attempted to 
restart it, it said there were no scanners.  I then exited Firefox, and 
restarted xsane.  With firefox exited, xsane found the scanner and started.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.exit any existing browser
2.start xsane
3.click Help->Xsane doc
4.run lsof.  See that firefox has /dev/sg0 open.
Actual results:
Firefox has a /dev/sg0 descriptor

Expected results:
Firefox cannot access the scanner device.

Additional info:
This is probably a minor bug, but leaky file descriptors can have bad 
side-effects, including possible security holes.  (Although I can't think of a 
plausible one here.)

Comment 3 Nils Philippsen 2008-07-16 10:04:36 UTC
Jay, can you check out the current Rawhide packages (xsane-0.995-4.fc10) which
should have a patch for that? If you need it, I can rebuild that on F-8/F-9.

Comment 4 Jay Fenlason 2008-07-17 14:21:25 UTC
lsof | egrep sg
rsyslogd  2527      root    7r      REG        0,3         0 4026531848 /proc/kmsg
rpcbind   2569       rpc  mem       REG      253,0     31804     377440
xsane     3795      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
xdg-open  3816      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
run-mozil 3820      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
firefox   3850      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
dbus-laun 3854      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
dbus-daem 3859      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
gconfd-2  3862      hack   10u      CHR       21,2       0t0       5721 /dev/sg2
[root@fenlason-lab1 hack]# rpm -q xsane

Looks like it's still broken.

Comment 5 Nils Philippsen 2008-07-18 14:17:24 UTC
Hmm. Xsane has more than one place where it could potentially exec() the
browser. xsane-0.995-5.fc10 is building now which should hopefully catch all of
these. Jay, would you please try that one as well (should be ready in a few
mins)? Thanks.

Comment 6 RHEL Product and Program Management 2009-03-26 16:49:32 UTC
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".

Comment 7 Phil Knirsch 2009-09-14 14:22:53 UTC
Closing this as we haven't received any feedback yet for the latest xsane packages in Fedora.

Please feel free to reopen as soon as you can provide the requested information.

Thanks & regards, Phil

Note You need to log in before you can comment on or make changes to this bug.