World writable speakup files in Linux next

Samuel Thibault samuel.thibault at ens-lyon.org
Mon Dec 13 08:06:12 EST 2010


Kirk Reiser, on Mon 13 Dec 2010 07:58:26 -0500, wrote:
> On Sun, 12 Dec 2010, Greg KH wrote:
> >But, the world writable bit can be seen as a big security issue right
> >now, right?  It would be good to get that fixed, or at the very least,
> >narrowed down a lot right now.
> 
> Just curious, if the world writable files are working correctly and
> with no overrun buffer bugs etc why are they a security risk?

That depends what you consider as security risks. No buffer overrun is
enough for not compromising the kernel. Being able to change the way the
speech synthesizer (that the owner of the machine uses to be able to
control it) behaves simply by being logged in as a mere user on the machine, that
might be considered as a security risk.  Think of it as being able to
change the text font of the VGA console, you don't really want to allow
users to be able to do that.  You also have potential Denial of Service
by setting the volume to zero, setting the speed at maximum, etc. etc.

Samuel
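
A check for the condition discussed in this thread, as an added example that is not part of the original message or of the speakup code: it lists regular files in a directory tree whose mode has the "other write" bit set. The function names are hypothetical, the directory is passed by the caller (for instance wherever speakup exposes its sysfs attributes), and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: report world-writable regular files under a directory.
# The directory is supplied by the caller; nothing is hard-coded here.

# Print "<octal mode> <path>" for every regular file under $1 that any
# local user may write to (mode bit 0002 set), sorted by path.
world_writable() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -perm -0002 matches when at least the other-write bit is set.
    find "$dir" -type f -perm -0002 -exec stat -c '%a %n' {} + | sort -k2
}

# Exit status 0: nothing world-writable. 1: findings printed. 2: bad input.
audit() {
    found=$(world_writable "$1") || return 2
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Run the audit only when a directory was given on the command line.
if [ $# -gt 0 ]; then
    audit "$1"
fi
```

A non-zero status from `audit` makes it usable as a gate in a boot-time or CI check on a test kernel.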


