From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-px0-f176.google.com (mail-px0-f176.google.com [209.85.212.176]) by speech.braille.uwo.ca (Postfix) with ESMTP id 45248C1A3E0 for ; Mon, 13 Dec 2010 09:50:23 -0500 (EST) Received: by pxi11 with SMTP id 11so1526265pxi.21 for ; Mon, 13 Dec 2010 06:50:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=1sjK69zlSb/kLvNVYWB7RgH/44aWctSTPad/eOOqWFM=; b=N8H1RGthEBTJi9SMKULaFy+e677+w7rvETzt26ns3fHdVVrJd3n/4fowCEtrCiRw7I N4A5RQwoL7fkHVCMI6GvOL3AjlJ2i9zUpDQXZ6B3fo38XNx+q5uG0bCFZC4cl6BF6pp5 inqPmxmHwoh2Sceqk+dyzKG5/bHMFi+B40reg= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=dZd+bROH4CKoWCltnbqyJITVJ7FpZnhRrwA780VPiL0xdDo4aYHt5Oy+vp5+ZORQ3+ lg/ZwpAIY2F0NKRxck076FByJa0mwn//kqrz4QvESWFqHJRLwjNrp/FE0xsX610QOthv fn+lh8DU+ZlvgLHOiuMosCIThS51o9dt+6QuM= Received: by 10.142.126.14 with SMTP id y14mr3267342wfc.132.1292251822516; Mon, 13 Dec 2010 06:50:22 -0800 (PST) Received: from localhost (c-76-127-93-92.hsd1.ca.comcast.net [76.127.93.92]) by mx.google.com with ESMTPS id e14sm9007616wfg.20.2010.12.13.06.50.21 (version=TLSv1/SSLv3 cipher=RC4-MD5); Mon, 13 Dec 2010 06:50:22 -0800 (PST) Date: Mon, 13 Dec 2010 14:53:06 +0000 From: Frost To: "Speakup is a screen review system for Linux." Subject: Re: World writable speakup files in Linux next Message-ID: <20101213145306.GA8824@rivensight.dyndns.org> References: <20101210190047.GA19219@kroah.com> <87lj3wufx7.fsf@the-brannons.com> <20101211222834.GA27436@linux1> <20101212023532.GA6486@const> <20101212182940.GB16883@kroah.com> <20101213130612.GT5411@const.bordeaux.inria.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20101213130612.GT5411@const.bordeaux.inria.fr> User-Agent: Mutt/1.5.20 (2009-06-14) X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.1.13 Precedence: list Reply-To: "Speakup is a screen review system for Linux." List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Dec 2010 14:50:23 -0000 On Mon, Dec 13, 2010 at 02:06:12PM +0100, Samuel Thibault wrote: > > >But, the world writable bit can be seen as a big security issue right > > >now, right? It would be good to get that fixed, or at the very least, > > >narrowed down a lot right now. Can't you just monitor for keyboard activity alone, as when you're in a terminal console, operating the system remotely, you don't need to issue commands to SpeakUP? Only at the local keyboard? Maybe it's too complicated because of the kernel or what-not. I don't know. I just figure that if it's not coming from /dev/Stty#, then the command should be allowed, or only allowed if the commands are being issued by a logged in user at the console, unless it's a major security risk to have the cat accidently pressing a SpeakUp key combo. If you trust a person on your system enough to give them a user account, then it stands reasonable that you alsod trust them enough not to F with /sys and speakupconf without knowing what they're doing Michael