clipboard integration -- possible security implications
tony at baechler.net
Wed Oct 21 04:39:48 EDT 2009
Ideally, the clipboard text could be stored in a user's home directory.
The immediate problem I see is how Speakup is supposed to determine what
that is. Am I correct in assuming that there is no way for the kernel
to know what user is logged in and to find that user's home directory?
The next best thing would be to have a file under /sys which would have
the path and filename where the text should be stored. That way, it
could be owned by root so no other users could read it. Even if they
could, they would have to have permission to access the file listed.
For example, say the sys file is /sys/accessibility/speakup/clip. In
that file, I echo the following:
If another user logs in, they would need to have permission to access
files under /home/tony to do any good. If they wanted to copy text to
the clipboard, I would have to login as root and change the above
location or they could use something like speakupconf. That way, no
actual text would be stored under /sys at all from the clipboard.
As a final thought, since probably most systems are single user, it
probably isn't that big of a deal. I'm very concerned about security,
but I'm the only one who uses my Linux boxes, so in my case, I would
have no problem either being root or changing permissions as necessary.
I suppose you could have a clip-chmod file which would let root decide
what permissions to set on the clipboard output.
On 10/20/2009 2:00 PM, William Hubbs wrote:
> We also thought about exposing the speakup clipboard as a sys file so
> you could just access it with xclip and copy it into the X clipboard.
> The concern is that in order for this to be useful, it would have to be
> either group or world readable so that you didn't have to become root
> every time you wanted to copy from the speakup clipboard to the gnome
> clipboard. Since you can store any information, including personal
> information, in the clipboard, this opens up a security hole. Someone
> could read the sys file without you knowing about it and they would have
> whatever information was in the file when they read it.
More information about the Speakup