clipboard integration -- possible security implications

Gregory Nowak greg at romuald.net.eu.org
Wed Oct 21 17:05:26 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Oct 21, 2009 at 11:02:41AM -0500, William Hubbs wrote:
>  I realize that a number of systems out there are probably single user
>  home systems, but I don't feel that we can code assuming that speakup
>  will always only be used on home systems.

I would like to add my voice in support of this line of thought. Yes,
most systems out there with speakup probably are single user home
systems. However, I still think it should be borne in mind that
linux-based systems have multiuser abilities by nature, so I
personally wouldn't want to see assumptions made in speakup's
development which rely on the fact that speakup runs on single user
systems only. As a case in point, I mentioned in another thread that I
have a couple user accounts on my system for other folks, and one of
those is a shell account. Though I mostly access this system over ssh,
it does have speakup built into the kernel, so that I could hook up my
bns, and troubleshoot any boot issues. Since I mostly use this system
over ssh, I don't use speakup's cut/paste feature much on it, but
there may be cases where I need to use that feature, where the system
is in a multiuser runlevel, which of course could lead to the
possibility that someone else could have a look at potentially
sensitive content in the clipboard. Just my $0.01 worth.

Greg


- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager at EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkrfd5UACgkQ7s9z/XlyUyCxlACgsCmTPxcrvYXcGbNSZ5Ld4SRF
K9wAn0+LyjtHp86rEt5f0Ov8ida6Fzet
=7l2I
-----END PGP SIGNATURE-----



More information about the Speakup mailing list