World writable speakup files in Linux next

Samuel Thibault samuel.thibault at ens-lyon.org
Mon Dec 13 15:01:34 EST 2010


Frost, le Mon 13 Dec 2010 18:21:10 +0000, a écrit :
> On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
> > No, you can't, because the loggued-in person might be a
> > virus/worm/attacker/whatever which compromised the user's account.
> 
> 	Then your security was breached already, and has nothing to do 
> with speakup.

A userland breach is way less dangerous than a root or a kernel breach.

> Personally, I think it's far worse for security to let a 
> user have access to any and every mail client on the system, in case 
> they use it to spam the entire planet with it, and those are left wide 
> open on purpose. <shrugs> You don't see me clamping down restrictions on 
> those, just because someone *might* abuse them and lose me my internet 
> connection.

My point is: when it happens, you don't want to loose physical control
of the machine.

> I don't want to go thru 20 different steps, just to kick up the volume
> a notch on my own friggin keyboard.

Who said so?

> I certainly don't want to have to go through 20 different steps every
> time I need to su to someone else to check if something is working
> properly for them.

Again, who said so?

As I said already, consolekit already handles that for audio.

Samuel



More information about the Speakup mailing list