From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from cdptpa-omtalb.mail.rr.com (cdptpa-omtalb.mail.rr.com [75.180.132.123]) by speech.braille.uwo.ca (Postfix) with ESMTP id 1231910C10 for ; Wed, 21 Oct 2009 12:02:43 -0400 (EDT) Received: from linux1.localdomain ([76.183.49.63]) by cdptpa-omta02.mail.rr.com with ESMTP id <20091021160241845.TTCA12118@cdptpa-omta02.mail.rr.com> for ; Wed, 21 Oct 2009 16:02:41 +0000 Received: by linux1.localdomain (Postfix, from userid 1000) id 5D30743C03; Wed, 21 Oct 2009 11:02:41 -0500 (CDT) Date: Wed, 21 Oct 2009 11:02:41 -0500 From: William Hubbs To: "Speakup is a screen review system for Linux." Subject: Re: clipboard integration -- possible security implications Message-ID: <20091021160241.GA16006@linux1> Mail-Followup-To: "Speakup is a screen review system for Linux." References: <20091020210034.GB32242@linux1> <4ADEC8D4.2040709@baechler.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <4ADEC8D4.2040709@baechler.net> User-Agent: Mutt/1.5.20 (2009-06-14) X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.1.12 Precedence: list Reply-To: "Speakup is a screen review system for Linux." List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Oct 2009 16:02:43 -0000 Hi Tony, On Wed, Oct 21, 2009 at 01:39:48AM -0700, Tony Baechler wrote: > Ideally, the clipboard text could be stored in a user's home directory. = =20 > The immediate problem I see is how Speakup is supposed to determine what= =20 > that is. Am I correct in assuming that there is no way for the kernel=20 > to know what user is logged in and to find that user's home directory? Correct, the kernel has no idea about where home directories are. > The next best thing would be to have a file under /sys which would have= =20 > the path and filename where the text should be stored. That way, it=20 > could be owned by root so no other users could read it. Even if they=20 > could, they would have to have permission to access the file listed. =20 > For example, say the sys file is /sys/accessibility/speakup/clip. In=20 > that file, I echo the following: >=20 > /home/tony/clip >=20 > If another user logs in, they would need to have permission to access=20 > files under /home/tony to do any good. If they wanted to copy text to=20 > the clipboard, I would have to login as root and change the above=20 > location or they could use something like speakupconf. That way, no=20 > actual text would be stored under /sys at all from the clipboard. =20 This idea leads to another issue. If your system is compromised, it would be possible for someone to put something in the sys file like: /boot/vmlinuz and take your system down since the kernel could be directed to overwrite any file in the filesystem. > As a final thought, since probably most systems are single user, it=20 > probably isn't that big of a deal. I'm very concerned about security,=20 > but I'm the only one who uses my Linux boxes, so in my case, I would=20 > have no problem either being root or changing permissions as necessary. = =20 > I suppose you could have a clip-chmod file which would let root decide=20 > what permissions to set on the clipboard output. =20 I realize that a number of systems out there are probably single user home systems, but I don't feel that we can code assuming that speakup will always only be used on home systems. William