From: William Hubbs
To: Greg KH
Date: Fri, 10 Dec 2010 14:02:18 -0600
Subject: Re: World writable speakup files in Linux next
Message-ID: <20101210200218.GA12830@linux1>
References: <20101210190047.GA19219@kroah.com>
In-Reply-To: <20101210190047.GA19219@kroah.com>
Cc: kirk@braille.uwo.ca, speakup@braille.uwo.ca

Hi Greg and all,

If you are reading the speakup mailing list, and you reply to this,
please keep all addresses in the To and Cc lines as they are and do not
drop anyone.

Greg, if you are not subscribed to the speakup list, they will not have
seen your original message, so this reply is the first message they will
see.

On Fri, Dec 10, 2010 at 11:00:47AM -0800, greg wrote:
> Hi all,
>
> In doing an audit of world writable sysfs files in the kernel tree, it
> turns out that the speakup subsystem has a lot of them.
>
> It's usually not a good idea to allow any user to write to sysfs files,
> unless you are really going to be able to handle it properly.
>
> As I don't want to just blindly remove the world writable permissions on
> all of these files, could someone go through and verify which ones
> should and should not be world writable?

I will look this over, but as far as I know, all of the world writable
files in the speakup subsystem represent settings which we want to allow
the local user to change.

> Also remember, sysfs files can be set to be owned by specific users by
> udev, so the "local" user to the system can have things set to be
> writable by them if needed. But that happens in userspace, don't set
> the values as writable by any user by default from within the kernel.

I don't know anything about this feature in udev. Is it dynamic, e.g.
if I log into my system locally, would I be able to write to these
files, then if Kirk were physically here and logged into my system,
would he be able to write to them?

We have discussed this on the speakup list before, but the only way we
knew of to get around it was to use a "speakup" group and make all of
the files owned by root and this speakup group. But, that group would
then have to have the same name for all Linux distros, and I don't think
we want to go that route unless we have to.

I like what you are talking about, Greg, if it works the way I hope it
DOES -- being able to change the ownership of the sysfs files on the fly
based on who is logged in locally.

Can you show me a udev snippet that would allow this? If so, and we can
get it to work, what do we need to do to get it in the main udev
configuration?

Thanks,

William
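
The following is an added example, not part of the original message or of the speakup or udev projects. It is a runtime counterpart to the audit described in the quoted text, plus the root-plus-group ownership workaround mentioned above; the function names, the directory argument and the group argument are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit world-writable files under a tree and apply the
# group-based workaround. The directory and group are supplied by the
# caller (assumptions, not values taken from the thread).

# Print "MODE OWNER:GROUP PATH" for every regular file under ROOT that has
# the other-write bit set. ROOT defaults to /sys. Uses GNU stat.
list_world_writable() {
    root=${1:-/sys}
    find "$root" -type f -perm -0002 -exec stat -c '%a %U:%G %n' {} + 2>/dev/null
}

# For every world-writable regular file under ROOT: assign it to GROUP,
# grant group write and remove write access for everyone else.
# Prints each path that was changed; returns non-zero if any change failed.
restrict_to_group() {
    root=$1
    group=$2
    find "$root" -type f -perm -0002 -exec sh -c '
        group=$1; shift
        rc=0
        for f; do
            if chgrp "$group" "$f" && chmod g+w,o-w "$f"; then
                printf "%s\n" "$f"
            else
                rc=1
            fi
        done
        exit "$rc"
    ' sh "$group" {} +
}
```

Run `list_world_writable` first and review the output before changing anything. sysfs entries are recreated by the kernel at boot and when a module is reloaded, so permissions changed from userspace this way have to be reapplied each time.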