World writable speakup files in Linux next

bardiazakeri at gmail.com bardiazakeri at gmail.com
Mon Dec 13 11:52:03 EST 2010


how i install speakup in ubuntu

--------------------------------------------------
From: "Frost" <znvyyvfgf at gmail.com>
Sent: Monday, December 13, 2010 3:53 PM
To: "Speakup is a screen review system for Linux." <speakup at braille.uwo.ca>
Subject: Re: World writable speakup files in Linux next

> On Mon, Dec 13, 2010 at 02:06:12PM +0100, Samuel Thibault wrote:
>> > >But, the world writable bit can be seen as a big security issue right
>> > >now, right?  It would be good to get that fixed, or at the very least,
>> > >narrowed down a lot right now.
>
> Can't you just monitor for keyboard activity alone, as when
> you're in a terminal console, operating the system remotely, you don't
> need to issue commands to SpeakUP?  Only at the local keyboard?
>
> Maybe it's too complicated because of the kernel or what-not.  I
> don't know.  I just figure that if it's not coming from /dev/Stty#, then
> the command should be allowed, or only allowed if the commands are being
> issued by a logged in user at the console, unless it's a major security
> risk to have the cat accidently pressing a SpeakUp key combo.  If you
> trust a person on your system enough to give them a user account, then
> it stands reasonable that you alsod trust them enough not to F with /sys
> and speakupconf without knowing what they're doing
>
> Michael
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 



More information about the Speakup mailing list