World writable speakup files in Linux next
William Hubbs
w.d.hubbs at gmail.com
Fri Dec 10 15:02:18 EST 2010
Hi Greg and all,

If you are reading the speakup mailing list, and you reply to
this, please keep all addresses in the to and cc lines as they are and
do not drop anyone.

Greg, if you are not subscribed to the speakup list, they will not have
seen your original message, so this reply is the first message they will
see.

On Fri, Dec 10, 2010 at 11:00:47AM -0800, greg wrote:
> Hi all,
>
> In doing an audit of world writable sysfs files in the kernel tree, it
> turns out that the speakup subsystem has a lot of them.
>
> It's usually not a good idea to allow any user to write to sysfs files,
> unless you are really going to be able to handle it properly.
>
> As I don't want to just blindly remove the world writable permissions on
> all of these files, could someone go through and verify which ones
> should and should not be world writable?

I will look this over, but as far as I know, all of the world writable
files in the speakup subsystem represent settings which we want to
allow the local user to change.

> Also remember, sysfs files can be set to be owned by specific users by
> udev, so the "local" user to the system can have things set to be
> writable by them if needed. But that happens in userspace, don't set
> the values as writable by any user by default from within the kernel.

I don't know anything about this feature in udev. Is it dynamic, e.g. if
I log into my system locally, would I be able to write to these files,
then if Kirk were physically here and logged into my system, would he be
able to write to them?

We have discussed this on the speakup list before, but the only way we
knew of to get around it was to use a "speakup" group and make all of
the files owned by root and this speakup group. But, that group would
then have to have the same name for all Linux distros, and I don't think
we want to go that route unless we have to.

I like what you are talking about, Greg, if it works the way I hope it
DOES -- being able to change the ownership of the sysfs files on the fly
based on who is logged in locally.

Can you show me a udev snippet that would allow this? If so, and we can
get it to work, what do we need to do to get it in the main udev
configuration?

Thanks,
William
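
The audit of world writable sysfs attributes mentioned in the quoted message can be approximated by scanning kernel source for `__ATTR()` declarations and evaluating their mode argument. This is an added example, not part of the original message and not the tool used for that audit; the `audit` and `eval_mode` helpers and the sample attribute names are hypothetical, and only `__ATTR` declarations with octal or standard `S_I*` modes are resolved.

```python
import re

# Mode macros as defined in the kernel's include/linux/stat.h.
MODE_BITS = {
    "S_IRUSR": 0o400, "S_IWUSR": 0o200, "S_IXUSR": 0o100,
    "S_IRGRP": 0o040, "S_IWGRP": 0o020, "S_IXGRP": 0o010,
    "S_IROTH": 0o004, "S_IWOTH": 0o002, "S_IXOTH": 0o001,
    "S_IRUGO": 0o444, "S_IWUGO": 0o222, "S_IXUGO": 0o111, "S_IRWXUGO": 0o777,
}

# __ATTR(name, mode, show, store): capture the name and the mode expression.
ATTR_RE = re.compile(r"__ATTR\(\s*(\w+)\s*,\s*([^,]+?)\s*,")


def eval_mode(expr):
    """Evaluate a '|'-joined mode expression; None if any term is unknown."""
    mode = 0
    for term in expr.split("|"):
        term = term.strip().strip("()")
        if term in MODE_BITS:
            mode |= MODE_BITS[term]
        elif re.fullmatch(r"0[0-7]*", term):
            mode |= int(term, 8)
        else:
            return None  # project-local macro: needs manual review
    return mode


def audit(source):
    """Return (world_writable, unresolved) lists of (attr_name, detail)."""
    world_writable, unresolved = [], []
    for name, expr in ATTR_RE.findall(source):
        mode = eval_mode(expr)
        if mode is None:
            unresolved.append((name, expr))
        elif mode & 0o002:  # S_IWOTH set: any local user may write
            world_writable.append((name, oct(mode)))
    return world_writable, unresolved

# Constructed sample input, not taken from the speakup sources.
SAMPLE = """
static struct kobj_attribute a = __ATTR(example_rate, S_IWUGO | S_IRUGO, show, store);
static struct kobj_attribute b = __ATTR(example_keymap, S_IWUSR|S_IRUGO, show, store);
static struct kobj_attribute c = __ATTR(example_raw, 0666, show, store);
static struct kobj_attribute d = __ATTR(example_local, LOCAL_RW, show, store);
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Attributes whose mode is a project-local macro are reported separately so they are reviewed by hand rather than silently treated as safe.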