Re: World writable speakup files in Linux next

Re: World writable speakup files in Linux next

[William Hubbs]

Hi Greg and all,

If you are reading the speakup mailing list, and you reply to
this, please keep all addresses in the to and cc lines as they are and
do not drop anyone.

Greg, if you are  not subscribed to the speakup list, they will not have
seen your original message, so this reply is the first message they will
see.

On Fri, Dec 10, 2010 at 11:00:47AM -0800, greg wrote:
> Hi all,
> 
> In doing an audit of world writable sysfs files in the kernel tree, it
> turns out that the speakup subsystem has a lot of them.
> 
> It's usually not a good idea to allow any user to write to sysfs files,
> unless you are really going to be able to handle it properly.
> 
> As I don't want to just blindly remove the world writable permissions on
> all of these files, could someone go through and verify which ones
> should and should not be world writable?

I will look this over, but as far as I know, all of the world writable
files in the speakup sub system represent settings which we want to
allow the local user to change.

> Also remember, sysfs files can be set to be owned by specific users by
> udev, so the "local" user to the system can have things set to be
> writable by them if needed.  But that happens in userspace, don't set
> the values as writable by any user by default from within the kernel.
 
I don't know anything about this feature in udev. Is it dynamic, e.g. if
I log into my system locally, would I be able to write to these files,
then if kirk were physically here and logged into my system, would he be
able to write to them?

We have discussed this on the speakup list before, but the only way we
knew of to get around it was to use a "speakup" group and make all of
the files owned by root and this speakup group. But, that group would
then have to have the same name for all linux distros, and I don't think
we want to go that route unless we have to.

I like what you are talking about, Greg, if it works the way I hope it
DOES -- being able to change the ownership of the sysfs files on the fly
based on who is logged in locally.

Can you show me a udev snippet that would allow this? If so, and we can
get  it to work, what do we need to do to get it in the main udev
configuration?

Thanks,

William

Re: World writable speakup files in Linux next

[Frost]

On Fri, Dec 10, 2010 at 02:02:18PM -0600, William Hubbs wrote:
> > In doing an audit of world writable sysfs files in the kernel tree, it
> > turns out that the speakup subsystem has a lot of them.

	Just make it so that a linux newbie isn't typing 50,000 commands 
and editting 70,000 configuration files, trying to get it to friggin 
work without sighted assistance, okay?

				Michael

Re: World writable speakup files in Linux next

[Christopher Brannon]

Greg KH <greg@kroah.com> writes:

> As I don't want to just blindly remove the world writable permissions on

Hah, hah!  This is very punny, though I'm certain that you didn't intend
to make a pun.  (Highlighting *blindly*).

> all of these files, could someone go through and verify which ones
> should and should not be world writable?

Personally, I'd say ditch the world-readable bit.  We should deal with
this in terms of groups.  The only user who should really be able to
write to these files is the one sitting at the console.

-- Chris

Re: World writable speakup files in Linux next

[William Hubbs]

On Sat, Dec 11, 2010 at 10:02:12PM +0000, Christopher Brannon wrote:
> Greg KH <greg@kroah.com> writes:
> 
> > As I don't want to just blindly remove the world writable permissions on
> 
> Hah, hah!  This is very punny, though I'm certain that you didn't intend
> to make a pun.  (Highlighting *blindly*).
> 
> > all of these files, could someone go through and verify which ones
> > should and should not be world writable?
> 
> Personally, I'd say ditch the world-readable bit.  We should deal with
> this in terms of groups.  The only user who should really be able to
> write to these files is the one sitting at the console.

Do we know for sure that udev can manipulate the group ownership of
files in the /sys hierarchy? I'll be the first to admit that I have only
briefly looked at udev, but I don't think we should remove the world
writable bit until we know for sure whether udev can do anything with
the /sys hierarchy.

Thanks,

William

Re: World writable speakup files in Linux next

[Samuel Thibault]

William Hubbs, le Sat 11 Dec 2010 16:28:34 -0600, a écrit :
> I don't think we should remove the world
> writable bit until we know for sure whether udev can do anything with
> the /sys hierarchy.

Even better: the writable bit shouldn't be dropped until udev actually
does something, so that upgrading the udev version will be enough to
keep things working seamlessly.

Samuel

Re: World writable speakup files in Linux next

[Kirk Reiser]

On Sun, 12 Dec 2010, Greg KH wrote:

> But, the world writable bit can be seen as a big security issue right
> now, right?  It would be good to get that fixed, or at the very least,
> narrowed down a lot right now.
>
> greg k-h

Just curious, if the world writable files are working correctly and
with no overrun buffer bugs etc why are they a security risk?

--
Kirk Reiser				The Computer Braille Facility
e-mail: kirk@braille.uwo.ca		University of Western Ontario
phone: (519) 661-3061

Re: World writable speakup files in Linux next

[Samuel Thibault]

Kirk Reiser, le Mon 13 Dec 2010 07:58:26 -0500, a écrit :
> On Sun, 12 Dec 2010, Greg KH wrote:
> >But, the world writable bit can be seen as a big security issue right
> >now, right?  It would be good to get that fixed, or at the very least,
> >narrowed down a lot right now.
> 
> Just curious, if the world writable files are working correctly and
> with no overrun buffer bugs etc why are they a security risk?

That depends what you consider as security risks. No buffer overrun is
enough for not compromising the kernel. Being able to change the way the
speech synthesizer (that the owner of the machine uses to be able to
control it) simply by being logged as a mere user on the machine, that
might be considered as a security risk.  Think of it as being able to
change the text font of the VGA console, you don't really want to allow
users to be able to do that.  You also have potential Denial of Service
by setting the volume to zero, setting the speed at maximum, etc. etc.

Samuel

Re: World writable speakup files in Linux next

[Kirk Reiser]

On Mon, 13 Dec 2010, Samuel Thibault wrote:

> That depends what you consider as security risks. No buffer overrun is
> enough for not compromising the kernel. Being able to change the way the
> speech synthesizer (that the owner of the machine uses to be able to
> control it) simply by being logged as a mere user on the machine, that
> might be considered as a security risk.  Think of it as being able to
> change the text font of the VGA console, you don't really want to allow
> users to be able to do that.  You also have potential Denial of Service
> by setting the volume to zero, setting the speed at maximum, etc. etc.
>
> Samuel

Hi Samuel: You could consider it a security risk in a highly unlikely
situation although I would rate it as more of an iritation than a
security risk.  As you point out if the owner/admin at the console is
being teased/bother/whatever by someone logged into the machine then
they can easily just remove the offending user.  One needs to sit back
from the hypothetical situation and think about it logically.  I am a
person in exactly the hypothetical situation you are trying to
suggest.  I am the administrator of a computer lab of many machines of
various opperating systems.  Many students and colleagues have access
to these systems on a daily basis.  I have never seen anything even
close to the type of condition we are hypothetically discussing.  I
work for a very large university.  My question of curiosity is simply
to determine why this is a possible concern in a very unlikely event.

If something is a security risk then we need to determine what it is
and how to fix the problem rather than having security through
obscurity.  BTW, I aggree with Chris that the best solution from my
perspective is to set-up a speakup group and use group writable bits.
I really don't think that is any less of a security risk however.

--
Kirk Reiser				The Computer Braille Facility
e-mail: kirk@braille.uwo.ca		University of Western Ontario
phone: (519) 661-3061

Re: World writable speakup files in Linux next

[Samuel Thibault]

Kirk Reiser, le Mon 13 Dec 2010 08:36:58 -0500, a écrit :
> I have never seen anything even
> close to the type of condition we are hypothetically discussing.

You mean, somebody with bad enough intentions?

> I work for a very large university.  My question of curiosity is
> simply to determine why this is a possible concern in a very unlikely
> event.

Security is about unlikely events.

> If something is a security risk then we need to determine what it is
> and how to fix the problem rather than having security through
> obscurity.

We're not talking about obscurity, we're talking about restricting which
users are able to write to these files.

> BTW, I aggree with Chris that the best solution from my
> perspective is to set-up a speakup group and use group writable bits.

Sure.

> I really don't think that is any less of a security risk however.

Anything that can let a user change root's view of what is happening on
a system can really be frowned upon.

Samuel

Re: World writable speakup files in Linux next

[acollins]

Hi all.  It seems to me that what we are discussing is a bit like
telling a normal user that he has to be root in order to view the
screen.  Not quite the same thing, but you get the idea.  Most folks
these days a re using a software synth, which relies on the sound card
in the system.  Most distros put access to the sound card in a special
audio or sound group.  If somebody tweaks the sound card, the softsynth
goes away too.  So I can't see why world rightable files for speakup is
such a big deal.  If there were something rightable that would allow a
malicious user to crash the system, that's a different matter.  If
somebody tweaks the synth volume, all that's necessary is for the
user/owner of the system is to adjust it back from another console where
he or she is logged in.  If something like this is regularly going on,
you as the owner/administrater of the machine would probably take steps
to either eliminate or restrain the malicious user.

I once had a person whom I had given an account on one of my machines,
who started doing things that I considered a security risk.  He was
compiling software, and using my machine to probe the universities
network.  I summarily removed his account.  When he complained that he
no longer had access, I told him that he knew what the rules were when
he got the account.  He chose to abuse his priveleges.

Kirk has had other issues like this, where people have broken in to his
machines and done damage.  He was able to track them down, and after
talking to them, and making sure that they knew that he knew who they
were, gave them to understand that such activities in the rfuture would
be severly dealt with.  To my knowledge the offender has not repeated
his behavior.

Yes, there are people out there who are malicious, and take great
delight in abusing other peoples property.  We can either be paranoid
about it, or take reasonable precautions, and very stern meassores when
problems occure.  My point?  Leave the files world rightable, and let
the system adinistrater tighten up security if he or she feels it
necessary.

Gene

>On Mon, 13 Dec 2010, Samuel Thibault wrote:
>
>> That depends what you consider as security risks. No buffer overrun is
>> enough for not compromising the kernel. Being able to change the way the
>> speech synthesizer (that the owner of the machine uses to be able to
>> control it) simply by being logged as a mere user on the machine, that
>> might be considered as a security risk.  Think of it as being able to
>> change the text font of the VGA console, you don't really want to allow
>> users to be able to do that.  You also have potential Denial of Service
>> by setting the volume to zero, setting the speed at maximum, etc. etc.
>>
>> Samuel
>
>Hi Samuel: You could consider it a security risk in a highly unlikely
>situation although I would rate it as more of an iritation than a
>security risk.  As you point out if the owner/admin at the console is
>being teased/bother/whatever by someone logged into the machine then
>they can easily just remove the offending user.  One needs to sit back
>from the hypothetical situation and think about it logically.  I am a
>person in exactly the hypothetical situation you are trying to
>suggest.  I am the administrator of a computer lab of many machines of
>various opperating systems.  Many students and colleagues have access
>to these systems on a daily basis.  I have never seen anything even
>close to the type of condition we are hypothetically discussing.  I
>work for a very large university.  My question of curiosity is simply
>to determine why this is a possible concern in a very unlikely event.
>
>If something is a security risk then we need to determine what it is
>and how to fix the problem rather than having security through
>obscurity.  BTW, I aggree with Chris that the best solution from my
>perspective is to set-up a speakup group and use group writable bits.
>I really don't think that is any less of a security risk however.
>
>--
>Kirk Reiser				The Computer Braille Facility
>e-mail: kirk@braille.uwo.ca		University of Western Ontario
>phone: (519) 661-3061
>_______________________________________________
>Speakup mailing list
>Speakup@braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: World writable speakup files in Linux next

[Samuel Thibault]

acollins@icsmail.net, le Mon 13 Dec 2010 08:15:05 -0600, a écrit :
> Hi all.  It seems to me that what we are discussing is a bit like
> telling a normal user that he has to be root in order to view the
> screen.  Not quite the same thing, but you get the idea.  Most folks
> these days a re using a software synth, which relies on the sound card
> in the system.  Most distros put access to the sound card in a special
> audio or sound group.  If somebody tweaks the sound card, the softsynth
> goes away too.

Not really.  That's the kind of things that consolekit permits to properly
handle.

> So I can't see why world rightable files for speakup is
> such a big deal.

It's not a big deal, but it's supposed to be handled like it has been
for sound cards.

Samuel

Re: World writable speakup files in Linux next

[Frost]

On Mon, Dec 13, 2010 at 02:06:12PM +0100, Samuel Thibault wrote:
> > >But, the world writable bit can be seen as a big security issue right
> > >now, right?  It would be good to get that fixed, or at the very least,
> > >narrowed down a lot right now.

	Can't you just monitor for keyboard activity alone, as when 
you're in a terminal console, operating the system remotely, you don't 
need to issue commands to SpeakUP?  Only at the local keyboard?

	Maybe it's too complicated because of the kernel or what-not.  I 
don't know.  I just figure that if it's not coming from /dev/Stty#, then 
the command should be allowed, or only allowed if the commands are being 
issued by a logged in user at the console, unless it's a major security 
risk to have the cat accidently pressing a SpeakUp key combo.  If you 
trust a person on your system enough to give them a user account, then 
it stands reasonable that you alsod trust them enough not to F with /sys 
and speakupconf without knowing what they're doing

				Michael

Re: World writable speakup files in Linux next

[Samuel Thibault]

Frost, le Mon 13 Dec 2010 14:53:06 +0000, a écrit :
> I just figure that if it's not coming from /dev/Stty#, then 
> the command should be allowed, or only allowed if the commands are being 
> issued by a logged in user at the console,

That's precisely what consolekit implements.

>  If you trust a person on your system enough to give them a user
> account, then it stands reasonable that you alsod trust them enough
> not to F with /sys and speakupconf without knowing what they're doing

No, you can't, because the loggued-in person might be a
virus/worm/attacker/whatever which compromised the user's account.

Samuel

Re: World writable speakup files in Linux next

[Kitty Litter]

Could you give us examples of linux viruses or is this theoretical.

Re: World writable speakup files in Linux next

[bardiazakeri]

how i install speakup in ubuntu

--------------------------------------------------
From: "Frost" <znvyyvfgf@gmail.com>
Sent: Monday, December 13, 2010 3:53 PM
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: World writable speakup files in Linux next

> On Mon, Dec 13, 2010 at 02:06:12PM +0100, Samuel Thibault wrote:
>> > >But, the world writable bit can be seen as a big security issue right
>> > >now, right?  It would be good to get that fixed, or at the very least,
>> > >narrowed down a lot right now.
>
> Can't you just monitor for keyboard activity alone, as when
> you're in a terminal console, operating the system remotely, you don't
> need to issue commands to SpeakUP?  Only at the local keyboard?
>
> Maybe it's too complicated because of the kernel or what-not.  I
> don't know.  I just figure that if it's not coming from /dev/Stty#, then
> the command should be allowed, or only allowed if the commands are being
> issued by a logged in user at the console, unless it's a major security
> risk to have the cat accidently pressing a SpeakUp key combo.  If you
> trust a person on your system enough to give them a user account, then
> it stands reasonable that you alsod trust them enough not to F with /sys
> and speakupconf without knowing what they're doing
>
> Michael
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: World writable speakup files in Linux next

[bardiazakeri]

how i can install spekaup on ubuntu?

--------------------------------------------------
From: "Frost" <znvyyvfgf@gmail.com>
Sent: Monday, December 13, 2010 7:21 PM
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: World writable speakup files in Linux next

> On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
>> No, you can't, because the loggued-in person might be a
>> virus/worm/attacker/whatever which compromised the user's account.
> 
> Then your security was breached already, and has nothing to do 
> with speakup.  Personally, I think it's far worse for security to let a 
> user have access to any and every mail client on the system, in case 
> they use it to spam the entire planet with it, and those are left wide 
> open on purpose. <shrugs> You don't see me clamping down restrictions on 
> those, just because someone *might* abuse them and lose me my internet 
> connection.
> 
> If it's a virus, then it's not SpeakUP's problem, but mine for 
> not following proper prophylactic procedures.  If it's a user on the 
> system goofing off, first they get warned, then they lose their 
> accounts.  Again, it's not SpeakUP's fault.  Having access to SpeakUP 
> from any console under any account *is* my problem, and I don't want to 
> go thru 20 different steps, just to kick up the volume a notch on my own 
> friggin keyboard.  I certainly don't want to have to go through 20 
> different steps every time I need to su to someone else to check if 
> something is working properly for them.  Secure SpeakUP on your own, 
> create your own distro, and release that if you want.  Stay out of my 
> computer.
> 
> Michael
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: World writable speakup files in Linux next

[Frost]

On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
> No, you can't, because the loggued-in person might be a
> virus/worm/attacker/whatever which compromised the user's account.

	Then your security was breached already, and has nothing to do 
with speakup.  Personally, I think it's far worse for security to let a 
user have access to any and every mail client on the system, in case 
they use it to spam the entire planet with it, and those are left wide 
open on purpose. <shrugs> You don't see me clamping down restrictions on 
those, just because someone *might* abuse them and lose me my internet 
connection.

	If it's a virus, then it's not SpeakUP's problem, but mine for 
not following proper prophylactic procedures.  If it's a user on the 
system goofing off, first they get warned, then they lose their 
accounts.  Again, it's not SpeakUP's fault.  Having access to SpeakUP 
from any console under any account *is* my problem, and I don't want to 
go thru 20 different steps, just to kick up the volume a notch on my own 
friggin keyboard.  I certainly don't want to have to go through 20 
different steps every time I need to su to someone else to check if 
something is working properly for them.  Secure SpeakUP on your own, 
create your own distro, and release that if you want.  Stay out of my 
computer.

				Michael

Re: World writable speakup files in Linux next

[bardiazakeri]

how!
i want help .
whit it


--------------------------------------------------
From: "Frost" <znvyyvfgf@gmail.com>
Sent: Monday, December 13, 2010 7:59 PM
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: World writable speakup files in Linux next

> On Mon, Dec 13, 2010 at 07:20:01PM +0100, bardiazakeri@gmail.com wrote:
>> how i can install spekaup on ubuntu?
> 
> Dunno.  Instructions should be on the installation CD on how to 
> start Ubuntu with Speakup.  How they handle it from there, or if like 
> Debian Squeeze (which I use) and doesn't yet have any speakup modules 
> packages showing in an apt-cache search yet, is another story.  For 
> Debian, SpeakUP is probably already in the kernel, and only needs to be 
> added to /etc/modules with the name of the module, ie: speakup_ltlk for 
> the LiteTalke hardware synthesizer, or in /etc/rc.local, where you would 
> add:
> 
> modprobe speakup_soft
> espeakup
> speakupconf load
> 
> With the previous /etc/rc.local setup, you would need to apt-get 
> install both the espeakup and speakup-tools packages for use with 
> SpeakUP's software speech synthesizer.  Again, I'm not entirely sure 
> about Ubuntu, but the instructions should be either on the installation 
> CD, or on the Ubuntu website.  If they don't, then that's why I went 
> with Debian.  Hope this helps,
> 
> Michael
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: World writable speakup files in Linux next

[Frost]

On Mon, Dec 13, 2010 at 07:20:01PM +0100, bardiazakeri@gmail.com wrote:
> how i can install spekaup on ubuntu?

	Dunno.  Instructions should be on the installation CD on how to 
start Ubuntu with Speakup.  How they handle it from there, or if like 
Debian Squeeze (which I use) and doesn't yet have any speakup modules 
packages showing in an apt-cache search yet, is another story.  For 
Debian, SpeakUP is probably already in the kernel, and only needs to be 
added to /etc/modules with the name of the module, ie: speakup_ltlk for 
the LiteTalke hardware synthesizer, or in /etc/rc.local, where you would 
add:

modprobe speakup_soft
espeakup
speakupconf load

	With the previous /etc/rc.local setup, you would need to apt-get 
install both the espeakup and speakup-tools packages for use with 
SpeakUP's software speech synthesizer.  Again, I'm not entirely sure 
about Ubuntu, but the instructions should be either on the installation 
CD, or on the Ubuntu website.  If they don't, then that's why I went 
with Debian.  Hope this helps,

				Michael

Re: World writable speakup files in Linux next

[Littlefield, Tyler]

First, If you want help, you could try writing a cogent paragraph or 
sentence asking for help, and detailing what you need help with. Linux 
(even *gasp* Ubuntu), requires that you read the manuals. There are 
probably instructions, look around for them, then tell us what you need 
help with.
On 12/13/2010 11:58 AM, bardiazakeri@gmail.com wrote:
> how!
> i want help .
> whit it
>
>
> --------------------------------------------------
> From: "Frost" <znvyyvfgf@gmail.com>
> Sent: Monday, December 13, 2010 7:59 PM
> To: "Speakup is a screen review system for Linux." 
> <speakup@braille.uwo.ca>
> Subject: Re: World writable speakup files in Linux next
>
>> On Mon, Dec 13, 2010 at 07:20:01PM +0100, bardiazakeri@gmail.com wrote:
>>> how i can install spekaup on ubuntu?
>>
>> Dunno.  Instructions should be on the installation CD on how to start 
>> Ubuntu with Speakup.  How they handle it from there, or if like 
>> Debian Squeeze (which I use) and doesn't yet have any speakup modules 
>> packages showing in an apt-cache search yet, is another story.  For 
>> Debian, SpeakUP is probably already in the kernel, and only needs to 
>> be added to /etc/modules with the name of the module, ie: 
>> speakup_ltlk for the LiteTalke hardware synthesizer, or in 
>> /etc/rc.local, where you would add:
>>
>> modprobe speakup_soft
>> espeakup
>> speakupconf load
>>
>> With the previous /etc/rc.local setup, you would need to apt-get 
>> install both the espeakup and speakup-tools packages for use with 
>> SpeakUP's software speech synthesizer.  Again, I'm not entirely sure 
>> about Ubuntu, but the instructions should be either on the 
>> installation CD, or on the Ubuntu website.  If they don't, then 
>> that's why I went with Debian.  Hope this helps,
>>
>> Michael
>>
>> _______________________________________________
>> Speakup mailing list
>> Speakup@braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>


-- 

Thanks,
Ty

Re: World writable speakup files in Linux next

[bardiazakeri]

i need  help whit instalations and so.
speakup in deiian or ubuntu
its dificult to me to read  manuals  i have adhd 

this is  almost  some thing some astberger  

Re: World writable speakup files in Linux next

[bardiazakeri]

sometimes is dificult to me 

--------------------------------------------------
From: "Littlefield, Tyler" <tyler@tysdomain.com>
Sent: Monday, December 13, 2010 8:08 PM
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: World writable speakup files in Linux next

> First, If you want help, you could try writing a cogent paragraph or 
> sentence asking for help, and detailing what you need help with. Linux 
> (even *gasp* Ubuntu), requires that you read the manuals. There are 
> probably instructions, look around for them, then tell us what you need 
> help with.
> On 12/13/2010 11:58 AM, bardiazakeri@gmail.com wrote:
>> how!
>> i want help .
>> whit it
>>
>>
>> --------------------------------------------------
>> From: "Frost" <znvyyvfgf@gmail.com>
>> Sent: Monday, December 13, 2010 7:59 PM
>> To: "Speakup is a screen review system for Linux." 
>> <speakup@braille.uwo.ca>
>> Subject: Re: World writable speakup files in Linux next
>>
>>> On Mon, Dec 13, 2010 at 07:20:01PM +0100, bardiazakeri@gmail.com wrote:
>>>> how i can install spekaup on ubuntu?
>>>
>>> Dunno.  Instructions should be on the installation CD on how to start 
>>> Ubuntu with Speakup.  How they handle it from there, or if like 
>>> Debian Squeeze (which I use) and doesn't yet have any speakup modules 
>>> packages showing in an apt-cache search yet, is another story.  For 
>>> Debian, SpeakUP is probably already in the kernel, and only needs to 
>>> be added to /etc/modules with the name of the module, ie: 
>>> speakup_ltlk for the LiteTalke hardware synthesizer, or in 
>>> /etc/rc.local, where you would add:
>>>
>>> modprobe speakup_soft
>>> espeakup
>>> speakupconf load
>>>
>>> With the previous /etc/rc.local setup, you would need to apt-get 
>>> install both the espeakup and speakup-tools packages for use with 
>>> SpeakUP's software speech synthesizer.  Again, I'm not entirely sure 
>>> about Ubuntu, but the instructions should be either on the 
>>> installation CD, or on the Ubuntu website.  If they don't, then 
>>> that's why I went with Debian.  Hope this helps,
>>>
>>> Michael
>>>
>>> _______________________________________________
>>> Speakup mailing list
>>> Speakup@braille.uwo.ca
>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>>
>> _______________________________________________
>> Speakup mailing list
>> Speakup@braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
> 
> 
> -- 
> 
> Thanks,
> Ty
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: World writable speakup files in Linux next

[Samuel Thibault]

Kitty Litter, le Mon 13 Dec 2010 10:58:14 -0500, a écrit :
> Could you give us examples of linux viruses or is this theoretical.

Not viruses like what exists on windows, but there are some potential
linux attacks.

Samuel

Re: World writable speakup files in Linux next

[Samuel Thibault]

Frost, le Mon 13 Dec 2010 18:21:10 +0000, a écrit :
> On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
> > No, you can't, because the loggued-in person might be a
> > virus/worm/attacker/whatever which compromised the user's account.
> 
> 	Then your security was breached already, and has nothing to do 
> with speakup.

A userland breach is way less dangerous than a root or a kernel breach.

> Personally, I think it's far worse for security to let a 
> user have access to any and every mail client on the system, in case 
> they use it to spam the entire planet with it, and those are left wide 
> open on purpose. <shrugs> You don't see me clamping down restrictions on 
> those, just because someone *might* abuse them and lose me my internet 
> connection.

My point is: when it happens, you don't want to loose physical control
of the machine.

> I don't want to go thru 20 different steps, just to kick up the volume
> a notch on my own friggin keyboard.

Who said so?

> I certainly don't want to have to go through 20 different steps every
> time I need to su to someone else to check if something is working
> properly for them.

Again, who said so?

As I said already, consolekit already handles that for audio.

Samuel

speakup and ubuntu, was: Re: World writable speakup files in Linux next

[Gregory Nowak]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Dec 13, 2010 at 12:08:57PM -0700, Littlefield, Tyler wrote:
> First, If you want help, you could try writing a cogent paragraph or  
> sentence asking for help, and detailing what you need help with.

As he has stated before, he's from Sweden, or Iran (I couldn't figure
out which from his post), and thus English isn't his native
language. So, I'd suggest that you tone down your arrogance a bit, and
stop assuming that everyone on the planet is an English speaker,
because that's not the case. I'm sure he'd be more coherent if he
was fluent in English.

Bardiazakeri (since I don't recall your introducing yourself), you've
written enough messages here that we realize you're asking for
help. Writing more of the same isn't magically going to give you
meaningful answers, it will only annoy people like our friend
Tyler. From what I understand, you want to know how to install ubuntu
with speakup. If there was someone here who was familiar with that, you
probably would have gotten an answer by now. Since no answer was
given, you can assume that nobody here is able to answer your question
in full, and you'll need to look somewhere else for answers to that
question which will satisfy you.

Since English isn't your native language, and since your ADHD prevents
you from reading manuals, it seems to me your only real option is to
find someone who speaks your language, and who would be able to sit
down with you, and walk you through the install process. Yes, I know
that's harder than it sounds, but that's the only good advice I can
think of.

Finally, let's please try to keep threads separated, so that the
subject line accurately reflects the contents. Thanks, and good luck.

Greg


- -- 
web site: http://www.romuald.net.eu.org
gpg public key: http://www.romuald.net.eu.org/pubkey.asc
skype: gregn1
(authorization required, add me to your contacts list first)

- --
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk0GiksACgkQ7s9z/XlyUyCACgCgihC89pBiv0G9WdQ63zSUSB4O
I/QAn2rGxithHIDAn4rUqP2Cco6NE0sC
=gMgT
-----END PGP SIGNATURE-----

Re: World writable speakup files in Linux next

[Michael Whapples]

Hello,
Here are some of my thoughts on this: As a user I don't want the process 
to change parameters for speech output to be long or complicated. One 
way in which this is met while seemingly keeping things secure is the 
speakup keyboard commands (eg. capslock+1 or capslock+2 for volume). If 
I have understood this correctly these keyboard commands need me to be 
present in front of the computer. Could it be confirmed that these don't 
need the files to be world writable?

So if the above is correct what might the consequence of making these 
files not world writable? One thing which comes to mind is, how would 
this impact on the setting of parameters in scripts (eg. to get default 
parameters as I like when the system boots)? How would some of the 
proposed changes (eg. using consolekit) impact on the setting of 
parameters in scripts?

Michael Whapples
On -10/01/37 20:59, Frost wrote:
> On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
>> No, you can't, because the loggued-in person might be a
>> virus/worm/attacker/whatever which compromised the user's account.
> 	Then your security was breached already, and has nothing to do
> with speakup.  Personally, I think it's far worse for security to let a
> user have access to any and every mail client on the system, in case
> they use it to spam the entire planet with it, and those are left wide
> open on purpose.<shrugs>  You don't see me clamping down restrictions on
> those, just because someone *might* abuse them and lose me my internet
> connection.
>
> 	If it's a virus, then it's not SpeakUP's problem, but mine for
> not following proper prophylactic procedures.  If it's a user on the
> system goofing off, first they get warned, then they lose their
> accounts.  Again, it's not SpeakUP's fault.  Having access to SpeakUP
> from any console under any account *is* my problem, and I don't want to
> go thru 20 different steps, just to kick up the volume a notch on my own
> friggin keyboard.  I certainly don't want to have to go through 20
> different steps every time I need to su to someone else to check if
> something is working properly for them.  Secure SpeakUP on your own,
> create your own distro, and release that if you want.  Stay out of my
> computer.
>
> 				Michael
>

Re: speakup and ubuntu, was: Re: World writable speakup files in Linux next

[Littlefield, Tyler]

Greg,
I don't remember -every- person who introduces themselves. Because of 
repeated letters with help, I had him pegged as a troll, and wasn't 
refering to anything related to his english. So take a chill pill--it 
wasn't arrogance. I have added him to Skype and plan on helping him get 
things going; he ended up messaging me off-list.
On 12/13/2010 2:04 PM, Gregory Nowak wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Dec 13, 2010 at 12:08:57PM -0700, Littlefield, Tyler wrote:
>> First, If you want help, you could try writing a cogent paragraph or
>> sentence asking for help, and detailing what you need help with.
> As he has stated before, he's from Sweden, or Iran (I couldn't figure
> out which from his post), and thus English isn't his native
> language. So, I'd suggest that you tone down your arrogance a bit, and
> stop assuming that everyone on the planet is an English speaker,
> because that's not the case. I'm sure he'd be more coherent if he
> was fluent in English.
>
> Bardiazakeri (since I don't recall your introducing yourself), you've
> written enough messages here that we realize you're asking for
> help. Writing more of the same isn't magically going to give you
> meaningful answers, it will only annoy people like our friend
> Tyler. From what I understand, you want to know how to install ubuntu
> with speakup. If there was someone here who was familiar with that, you
> probably would have gotten an answer by now. Since no answer was
> given, you can assume that nobody here is able to answer your question
> in full, and you'll need to look somewhere else for answers to that
> question which will satisfy you.
>
> Since English isn't your native language, and since your ADHD prevents
> you from reading manuals, it seems to me your only real option is to
> find someone who speaks your language, and who would be able to sit
> down with you, and walk you through the install process. Yes, I know
> that's harder than it sounds, but that's the only good advice I can
> think of.
>
> Finally, let's please try to keep threads separated, so that the
> subject line accurately reflects the contents. Thanks, and good luck.
>
> Greg
>
>
> - -- 
> web site: http://www.romuald.net.eu.org
> gpg public key: http://www.romuald.net.eu.org/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
>
> - --
> Free domains: http://www.eu.org/ or mail dns-manager@EU.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAk0GiksACgkQ7s9z/XlyUyCACgCgihC89pBiv0G9WdQ63zSUSB4O
> I/QAn2rGxithHIDAn4rUqP2Cco6NE0sC
> =gMgT
> -----END PGP SIGNATURE-----
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>


-- 

Thanks,
Ty

Re: World writable speakup files in Linux next

[Samuel Thibault]

Michael Whapples, le Mon 13 Dec 2010 21:13:11 +0000, a écrit :
> Here are some of my thoughts on this: As a user I don't want the process 
> to change parameters for speech output to be long or complicated.

At worse, without consolekit support, you'd just need to prepend sudo to
your commands, so it'll never be longer or complicated...  And I again
repeat again once more: consolekit can handle it seamlessly.

> One 
> way in which this is met while seemingly keeping things secure is the 
> speakup keyboard commands (eg. capslock+1 or capslock+2 for volume). If 
> I have understood this correctly these keyboard commands need me to be 
> present in front of the computer. Could it be confirmed that these don't 
> need the files to be world writable?

They don't need since they are handled in the kernel.

> So if the above is correct what might the consequence of making these 
> files not world writable?

Without consolekit support, having to run speakupconf as root. With
consolekit support, nothing.  And we agree that we don't want to drop
world writability before consolekit/udev support.

> One thing which comes to mind is, how would 
> this impact on the setting of parameters in scripts (eg. to get default 
> parameters as I like when the system boots)?

System boot scripts are run as root, so they won't be broken.

> How would some of the proposed changes (eg. using consolekit) impact
> on the setting of parameters in scripts?

consolekit will let the user just run it as if we had world writability.

Samuel

Re: World writable speakup files in Linux next

[Kerry Hoath]

You perhaps want to take a look at vinux, a modified version of ubuntu.
If you boot this cd you get large print and it comes up talking.

http://www.vinux.org.uk

Speakup should come up talking on most Vinux systems without any extra 
configuration steps.
Failing this try a Linux user's group in your area, who may be able to 
give you instructions in your own language or verbally.

I'm personally working on speakup on ubuntu however Ihave not yet got it 
to run as I am still learning about jack-audio.
Regards, Kerry.

On 14/12/2010 3:15 AM, bardiazakeri@gmail.com wrote:
> i need  help whit instalations and so.
> speakup in deiian or ubuntu
> its dificult to me to read manuals i have adhd
> this is almost some thing some astberger
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: World writable speakup files in Linux next

[Littlefield, Tyler]

If you want to play with speakup, there also is grml, which may be 
better than messing with Vinux--sometimes getting speakup working on 
there can be a hack-job, since you have to kill processes and relaunch.
On 12/13/2010 7:40 PM, Kerry Hoath wrote:
>
> You perhaps want to take a look at vinux, a modified version of ubuntu.
> If you boot this cd you get large print and it comes up talking.
>
> http://www.vinux.org.uk
>
> Speakup should come up talking on most Vinux systems without any extra 
> configuration steps.
> Failing this try a Linux user's group in your area, who may be able to 
> give you instructions in your own language or verbally.
>
> I'm personally working on speakup on ubuntu however Ihave not yet got 
> it to run as I am still learning about jack-audio.
> Regards, Kerry.
>
> On 14/12/2010 3:15 AM, bardiazakeri@gmail.com wrote:
>> i need  help whit instalations and so.
>> speakup in deiian or ubuntu
>> its dificult to me to read manuals i have adhd
>> this is almost some thing some astberger
>> _______________________________________________
>> Speakup mailing list
>> Speakup@braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>


-- 

Thanks,
Ty

Re: World writable speakup files in Linux next

[Frost]

	Well, I'm going to plonk this thread, as I'm tired of reading 
it, but as a final parting shot, in my situation, it's more likely to 
cause problems than solve them.

	If someone wants to use my system, they'll more than likely want 
to turn the volume off, as they're not blind, and then I will likely 
have a hell of a time trying to figure out why the system's locked up 
and not working, not that anyone besides me who would use my computer 
understands the CLI.  They're just brain dead Windows users and wouldn't 
know a typed command if it came up and bit them in da butt.  Anyway, I 
certainly don't want my ability to freely use the system compromised.  
You don't put a security shutdown on the monitor for sighted users so 
they can't see what's going on, and that is what you're proposing for 
the blind.

				Michael

Re: Arch Linux was: World writable speakup files in Linux next

[Øyvind Lode]

What about Arch Linux?
I'd say forget about Ubuntu!
Download the Speakup modified images by Chris Brannon and read the wiki 
page "Arch Linux for the Blind" at wiki.archlinux.org

Arch Linux is great and easy to setup.
But it requires one to be able to read and follow the steps on the Wiki 
though.

On 14.12.2010 04:04, Littlefield, Tyler wrote:
> If you want to play with speakup, there also is grml, which may be
> better than messing with Vinux--sometimes getting speakup working on
> there can be a hack-job, since you have to kill processes and relaunch.
> On 12/13/2010 7:40 PM, Kerry Hoath wrote:
>>
>> You perhaps want to take a look at vinux, a modified version of ubuntu.
>> If you boot this cd you get large print and it comes up talking.
>>
>> http://www.vinux.org.uk
>>
>> Speakup should come up talking on most Vinux systems without any extra
>> configuration steps.
>> Failing this try a Linux user's group in your area, who may be able to
>> give you instructions in your own language or verbally.
>>
>> I'm personally working on speakup on ubuntu however Ihave not yet got
>> it to run as I am still learning about jack-audio.
>> Regards, Kerry.
>>
>> On 14/12/2010 3:15 AM, bardiazakeri@gmail.com wrote:
>>> i need help whit instalations and so.
>>> speakup in deiian or ubuntu
>>> its dificult to me to read manuals i have adhd
>>> this is almost some thing some astberger
>>> _______________________________________________
>>> Speakup mailing list
>>> Speakup@braille.uwo.ca
>>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>> _______________________________________________
>> Speakup mailing list
>> Speakup@braille.uwo.ca
>> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
>
>