From: William Hubbs <w.d.hubbs@gmail.com>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: clipboard integration -- possible security implications
Date: Fri, 23 Oct 2009 14:23:38 -0500 [thread overview]
Message-ID: <20091023192338.GB2907@linux1> (raw)
In-Reply-To: <4ae199b3.6202be0a.6021.0c25@mx.google.com>
On Fri, Oct 23, 2009 at 06:55:35AM -0500, Chris Brannon wrote:
> > although the question is still who the current user is. I
> > would define the current user as the one who is using Speakup at the
> > time that text is copied to the Speakup clipboard.
>
> That is a perfect definition! How do you determine who the current user is?
> I looked at headers under /usr/src/linux/include yesterday, and there
> doesn't seem to be any sort of userid field associated with the C structs
> that represent virtual consoles.
Right, I don't believe the kernel has anything to do with managing
users/groups/logins/logouts other than enforcing permissions. It
manages the virtual terminals, but it doesn't seem to know or care who
is using them.
> I suppose that you could use the number of the virtual console on which
> the copy / paste operation is being performed.
Even if you know this, I don't know of a way you can tell from the
kernel who is logged onto that virtual terminal.
> Next, you have to figure out how to contact the X server that the current
> user is using.
>
> If there is going to be any sort of automatic transfer of data between
> Speakup's cut buffer and the X clipboard, then both of those pieces
> of info need to be known. Who requested the copy or paste, and where is
> his X server -- assuming that he is running X?
The only way I can think of to get the user's X server (assuming you
know who the user is), would be to get into his environment and check
the DISPLAY environment variable he has set. But, I have no idea how
this could be done.
> > Another idea would be to require a user to be in a special group,
> > similar to only making the CD drive accessible to users in the "audio"
> > group. The group would have to manually be created
>
> This is a really good idea, for everything under /sys/accessibility/speakup.
> The group would be created by the person who packages Speakup for your distro.
> The file ownerships need to be set correctly whenever speakup's modules are
> loaded. If you look at "man modprobe.conf", there's a description of
> something called "install". This "install" primitive allows us to run
> arbitrary commands whilst loading a module.
> The people who package Speakup could probably do all of this today, without
> requiring any change to the Speakup code.
> This won't solve all the problems related to automatic export / import
> of the clipboard, though.
Right, securing speakup's /sys files, in general, is a completely
separate subject imho. I do agree though that this would be best
handled in user space without doing anything to the speakup code.
William
next prev parent reply other threads:[~ UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
William Hubbs
` Zachary Kline
` Glenn Ervin
` Chris Brannon
` Tony Baechler
` William Hubbs
` Gregory Nowak
` Jason White
` Tony Baechler
` William Hubbs
` Tony Baechler
` Chris Brannon
` Gaijin
` Chris Brannon
` Tony Baechler
` William Hubbs [this message]
` Tony Baechler
` Chris Brannon
` Steve Holmes
` Tony Baechler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091023192338.GB2907@linux1 \
--to=w.d.hubbs@gmail.com \
--cc=speakup@braille.uwo.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).