Message-ID: <4D068C67.6070606@aim.com>
Date: Mon, 13 Dec 2010 21:13:11 +0000
From: Michael Whapples
To: "Speakup is a screen review system for Linux."
Subject: Re: World writable speakup files in Linux next

Hello,

Here are some of my thoughts on this:

As a user I don't want the process to change parameters for speech output to be long or complicated. One way in which this is met while seemingly keeping things secure is the speakup keyboard commands (e.g. capslock+1 or capslock+2 for volume). If I have understood this correctly, these keyboard commands need me to be present in front of the computer. Could it be confirmed that these don't need the files to be world writable?

So if the above is correct, what might be the consequence of making these files not world writable? One thing which comes to mind is, how would this impact on the setting of parameters in scripts (e.g. to get default parameters as I like when the system boots)? How would some of the proposed changes (e.g. using consolekit) impact on the setting of parameters in scripts?

Michael Whapples

On -10/01/37 20:59, Frost wrote:
> On Mon, Dec 13, 2010 at 04:41:57PM +0100, Samuel Thibault wrote:
>> No, you can't, because the logged-in person might be a
>> virus/worm/attacker/whatever which compromised the user's account.
> Then your security was breached already, and has nothing to do
> with speakup. Personally, I think it's far worse for security to let a
> user have access to any and every mail client on the system, in case
> they use it to spam the entire planet with it, and those are left wide
> open on purpose. You don't see me clamping down restrictions on
> those, just because someone *might* abuse them and lose me my internet
> connection.
>
> If it's a virus, then it's not SpeakUP's problem, but mine for
> not following proper prophylactic procedures. If it's a user on the
> system goofing off, first they get warned, then they lose their
> accounts. Again, it's not SpeakUP's fault. Having access to SpeakUP
> from any console under any account *is* my problem, and I don't want to
> go thru 20 different steps, just to kick up the volume a notch on my own
> friggin keyboard. I certainly don't want to have to go through 20
> different steps every time I need to su to someone else to check if
> something is working properly for them. Secure SpeakUP on your own,
> create your own distro, and release that if you want. Stay out of my
> computer.
>
> Michael
>