clipboard integration -- possible security implications
tony at baechler.net
Fri Oct 23 03:11:09 EDT 2009
OK, how does speakupconf work if you're not root? If it can write to sys
files, perhaps have it write the name of the clipboard file, the same as
you would to switch synthesizers. That would give ultimate flexibility
to the user, although the question is still who the current user is. I
would define the current user as the one who is using Speakup at the
time that text is copied to the Speakup clipboard.
Another idea would be to require a user to be in a special group,
similar to only making the CD drive accessible to users in the "audio"
group. The group would have to manually be created, but it would be a
simple matter to add all users who should be allowed to read the Speakup
clipboard to that group. I had to manually add a user to the audio group
before I could extract a CD. You could also give the option of using an
already existing group, such as "admin" which is used by sudo.
On 10/22/2009 8:38 AM, William Hubbs wrote:
> How do you define the current user? It can't be the one who is
> logged in since multiple users can be logged in even on a machine that
> doesn't have network access (you can log into one vt as root and another
> as yourself for example).
> That puts us back in a situation where the files you are talking about
> have to be only accessible to root and you would have to find another
> way to create the random file name you are talking about.
More information about the Speakup