World writable speakup files in Linux next

Michael Whapples mwhapples at aim.com
Mon Dec 13 16:13:11 EST 2010


Hello,
Here are some of my thoughts on this: As a user I don't want the process 
to change parameters for speech output to be long or complicated. One 
way in which this is met while seemingly keeping things secure is the 
speakup keyboard commands (eg. capslock+1 or capslock+2 for volume). If 
I have understood this correctly these keyboard commands need me to be 
present in front of the computer. Could it be confirmed that these don't 
need the files to be world writable?

So if the above is correct, what might be the consequence of making these 
files not world writable? One thing which comes to mind is, how would 
this impact on the setting of parameters in scripts (eg. to get default 
parameters as I like when the system boots)? How would some of the 
proposed changes (eg. using consolekit) impact on the setting of 
parameters in scripts?

Michael Whapples
On -10/01/37 20:59, Frost wrote:
> On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
>> No, you can't, because the logged-in person might be a
>> virus/worm/attacker/whatever which compromised the user's account.
> 	Then your security was breached already, and has nothing to do
> with speakup.  Personally, I think it's far worse for security to let a
> user have access to any and every mail client on the system, in case
> they use it to spam the entire planet with it, and those are left wide
> open on purpose.<shrugs>  You don't see me clamping down restrictions on
> those, just because someone *might* abuse them and lose me my internet
> connection.
>
> 	If it's a virus, then it's not SpeakUP's problem, but mine for
> not following proper prophylactic procedures.  If it's a user on the
> system goofing off, first they get warned, then they lose their
> accounts.  Again, it's not SpeakUP's fault.  Having access to SpeakUP
> from any console under any account *is* my problem, and I don't want to
> go thru 20 different steps, just to kick up the volume a notch on my own
> friggin keyboard.  I certainly don't want to have to go through 20
> different steps every time I need to su to someone else to check if
> something is working properly for them.  Secure SpeakUP on your own,
> create your own distro, and release that if you want.  Stay out of my
> computer.
>
> 				Michael
>



