summaryrefslogtreecommitdiff
path: root/PROBLEMS
diff options
context:
space:
mode:
authorJörg Frings-Fürst <debian@jff.email>2024-06-30 15:46:39 +0200
committerJörg Frings-Fürst <debian@jff.email>2024-06-30 15:46:39 +0200
commit73365252941d4053dca0e7fa06f4c205194cf1b8 (patch)
tree3eff4566f12e48cfee6b35955d262e46ee5a5da1 /PROBLEMS
parent52c7d661296d9efb9a51b52c38dda22516cf981a (diff)
parent3c9b873509b5c2278d4e345bf86a22c1ff26f3c0 (diff)
Merge branch 'release/debian/1.3.0-1'debian/1.3.0-1
Diffstat (limited to 'PROBLEMS')
-rw-r--r--PROBLEMS14
1 files changed, 7 insertions, 7 deletions
diff --git a/PROBLEMS b/PROBLEMS
index 62466c1..22369b8 100644
--- a/PROBLEMS
+++ b/PROBLEMS
@@ -1,5 +1,3 @@
-Last update: 2006-01-05
-
- Avoiding damage on flatbed scanners
Most flatbed scanners have no protection against exceeding the physical scan
@@ -15,8 +13,10 @@ Last update: 2006-01-05
- Security problems with saned (SANE network scanning daemon)
- saned is not intended to be exposed to the internet or other non-trusted
- networks. Make sure that access is limited by tcpwrappers and/or a firewall
- setup. Don't depend only on saned's own authentication. Don't run saned
- as root if it's not necessary. And do not install saned as setuid root.
- Read man saned(8) for details.
+ saned does not provide confidentiality when communicating with clients.
+ If saned is exposed directly on the network, other users may be able to
+ intercept scanned images, or learn passwords for connecting to saned,
+ with little effort. Client systems should connect to saned through a
+ secure tunnel to the server instead.
+
+ saned is not a trusted program and should not run with root privileges.