From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dukecmmtar03.coxmail.com (dukecmmtar03.coxmail.com [68.99.120.44]) by speech.braille.uwo.ca (Postfix) with ESMTP id C18BA105F8 for ; Tue, 10 Nov 2009 04:37:03 -0500 (EST) Received: from dukecmimpo02.coxmail.com ([68.99.120.135]) by dukecmmtar03.coxmail.com (InterMail vM.7.05.02.00 201-2174-114-20060621) with ESMTP id <20091110093703.RLMS3692.dukecmmtar03.coxmail.com@dukecmimpo02.coxmail.com> for ; Tue, 10 Nov 2009 04:37:03 -0500 Received: from [192.168.0.100] ([70.166.17.50]) by dukecmimpo02.coxmail.com with bizsmtp id 3Md21d00B14oyBJ01Md3q8; Tue, 10 Nov 2009 04:37:03 -0500 Message-ID: <4AF93434.7000309@baechler.net> Date: Tue, 10 Nov 2009 01:36:52 -0800 From: Tony Baechler User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4pre) Gecko/20090915 Thunderbird/3.0b4 MIME-Version: 1.0 To: "Speakup is a screen review system for Linux." Subject: Re: clipboard integration -- possible security implications References: <20091020210034.GB32242@linux1> <4ADEC8D4.2040709@baechler.net> <20091021160241.GA16006@linux1> <4AE01077.7010607@baechler.net> <20091022153810.GA17686@linux1> <4AE1570D.8040105@baechler.net> <4ae199b3.6202be0a.6021.0c25@mx.google.com> <4AE2A9D0.3040603@baechler.net> <4ae31465.9553f10a.0aa0.1bec@mx.google.com> <20091110043549.GB5619@lnx3.holmesgrown.com> In-Reply-To: <20091110043549.GB5619@lnx3.holmesgrown.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.1.12 Precedence: list Reply-To: "Speakup is a screen review system for Linux." List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 09:37:04 -0000 I do sometimes use Speakup via ssh. Sometimes I want to make sure my hardware synthesizer is working. I often build new Speakup modules via ssh for convenience. When I was playing with virtual machines and DOSemu, I tried sending output through Speakup. I'm actually wondering if there could be a potential security issue with a remote user flooding a hardware synth buffer by sending massive amounts of text to it. I have verified that I can make my synth talk from across the room with ssh, so presumably there would definitely be a security issue in that a user could send unwanted and/or annoying messages to your synth when you aren't expecting it. In the case of the DECtalk, they could send text without a closing bracket and potentially cause loss of speech. On 11/9/2009 8:35 PM, Steve Holmes wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: RIPEMD160 > > And to add to this suggestion, while in that same shell, you could > pipe the pasted contents into xclip in much the same way and then you > have it in the X clipboard also. > > I like the idea of the select group to hold all speakup settings. > This would improve security issues in general, I think. I like the > concept of using /sys/accessibility/speakup/clip or whatever to hold a > file name that could then be used and owned by a specific user but I > also understand the downside to this as was pointed out earlier in > this thread. > > I wonder if tiing this business to virtual consoles wouldn't be a bad > idea. I mean, think about it. First off, speakup would never be used > by a remote user like over ssh; at least I can't imagine such a case. > As I think about it right now, I would think that could be an > excellent way to secure this aspect. If the speakup cut/paste feature > is accessing the resource, any other users currently using the system > are mostlikely not on the virtual consoles and would probably have no > idea it was in use. >