From: William Hubbs
To: "Speakup is a screen review system for Linux."
Subject: Re: clipboard integration -- possible security implications
Date: Fri, 23 Oct 2009 14:23:38 -0500

On Fri, Oct 23, 2009 at 06:55:35AM -0500, Chris Brannon wrote:
> > although the question is still who the current user is. I
> > would define the current user as the one who is using Speakup at the
> > time that text is copied to the Speakup clipboard.
>
> That is a perfect definition! How do you determine who the current user is?
> I looked at headers under /usr/src/linux/include yesterday, and there
> doesn't seem to be any sort of userid field associated with the C structs
> that represent virtual consoles.

Right, I don't believe the kernel has anything to do with managing
users/groups/logins/logouts other than enforcing permissions. It manages
the virtual terminals, but it doesn't seem to know or care who is using
them.

> I suppose that you could use the number of the virtual console on which
> the copy / paste operation is being performed.

Even if you know this, I don't know of a way you can tell from the
kernel who is logged onto that virtual terminal.

> Next, you have to figure out how to contact the X server that the current
> user is using.
>
> If there is going to be any sort of automatic transfer of data between
> Speakup's cut buffer and the X clipboard, then both of those pieces
> of info need to be known. Who requested the copy or paste, and where is
> his X server -- assuming that he is running X?

The only way I can think of to get the user's X server (assuming you
know who the user is), would be to get into his environment and check
the DISPLAY environment variable he has set. But, I have no idea how
this could be done.

> > Another idea would be to require a user to be in a special group,
> > similar to only making the CD drive accessible to users in the "audio"
> > group. The group would have to manually be created
>
> This is a really good idea, for everything under /sys/accessibility/speakup.
> The group would be created by the person who packages Speakup for your distro.
> The file ownerships need to be set correctly whenever speakup's modules are
> loaded. If you look at "man modprobe.conf", there's a description of
> something called "install". This "install" primitive allows us to run
> arbitrary commands whilst loading a module.
> The people who package Speakup could probably do all of this today, without
> requiring any change to the Speakup code.
> This won't solve all the problems related to automatic export / import
> of the clipboard, though.

Right, securing speakup's /sys files, in general, is a completely
separate subject imho. I do agree though that this would be best
handled in user space without doing anything to the speakup code.

William
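
The packaging approach discussed in this thread (a dedicated group plus a modprobe "install" command that fixes ownership under /sys/accessibility/speakup), sketched as an added example; it is not part of the original message and is not Speakup's own code. The group name `speakup`, the module name in the comment, and the script path are assumptions.

```shell
#!/bin/sh
# Added example, not Speakup's own code. Assumed modprobe configuration line
# (module name and script path are hypothetical) that runs this after loading:
#   install speakup /sbin/modprobe --ignore-install speakup && /usr/local/sbin/speakup-perms

SPEAKUP_SYSFS=${SPEAKUP_SYSFS:-/sys/accessibility/speakup}  # path from the thread
SPEAKUP_GROUP=${SPEAKUP_GROUP:-speakup}                     # hypothetical group name

# restrict_tree DIR GROUP
# Hand every regular file under DIR to GROUP, give the group the same
# read/write bits the owner has, and remove all access for "other".
restrict_tree() {
    dir=$1
    group=$2
    if [ ! -d "$dir" ]; then
        echo "restrict_tree: no such directory: $dir" >&2
        return 1
    fi
    find "$dir" -type f -exec chgrp "$group" {} + || return 1
    find "$dir" -type f -exec chmod g=u,o-rwx {} + || return 1
}

# count_world_accessible DIR
# Print how many regular files under DIR still grant any bit to "other".
count_world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) |
        wc -l | tr -d ' '
}

# Only act when the Speakup sysfs tree is present (i.e. the module is loaded).
if [ -d "$SPEAKUP_SYSFS" ]; then
    restrict_tree "$SPEAKUP_SYSFS" "$SPEAKUP_GROUP" &&
        echo "files still open to other: $(count_world_accessible "$SPEAKUP_SYSFS")"
fi
```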