From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-gx0-f228.google.com (mail-gx0-f228.google.com [209.85.217.228]) by speech.braille.uwo.ca (Postfix) with ESMTP id DD83710D7F for ; Fri, 23 Oct 2009 07:55:33 -0400 (EDT) Received: by gxk28 with SMTP id 28so7860380gxk.9 for ; Fri, 23 Oct 2009 04:55:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:from:to:subject :in-reply-to:references:comments:date; bh=vMIC6bIf936KKXIALdRC4OQZsrbfFtYwL0tHTEZJWv4=; b=gMpEsxc6oc5sDp4D/Wf3m9afLU7Lue3n/qrLRJyYz1BG4mneMt6Byup8QZ3t7AC043 xQlEDUNxdIkBgeAq6YB3a/2VNCRGlJ9L1aK19uVHRuHMV6XIZH4uoMLzt1VJHqmgh8+/ YDzL1ur34P8J1ZcTGvB82zTiTx4d2JQ/afHYQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:from:to:subject:in-reply-to:references:comments:date; b=UrlW21HQh3pwJNTTe3AvF32F3TRBwkDO2f+CkL3KkA3VH5kBGJPc6z4rlHIm3wxNhf mYvKPvIQg2Ks56UGi9mthSiufuCRBtKAibvYKzZMqmDgk/3nmO/hKZlMUD3HObKWnRZx 1YXpzYTCjlalUBq5K6/YqCVpyrBfl0h0EyEec= Received: by 10.90.15.33 with SMTP id 33mr5037190ago.31.1256298933320; Fri, 23 Oct 2009 04:55:33 -0700 (PDT) Received: from localhost (ip24-253-221-18.ok.ok.cox.net [24.253.221.18]) by mx.google.com with ESMTPS id 34sm131643yxf.29.2009.10.23.04.55.31 (version=TLSv1/SSLv3 cipher=RC4-MD5); Fri, 23 Oct 2009 04:55:31 -0700 (PDT) Message-ID: <4ae199b3.6202be0a.6021.0c25@mx.google.com> From: Chris Brannon To: "Speakup is a screen review system for Linux." Subject: Re: clipboard integration -- possible security implications In-reply-to: <4AE1570D.8040105@baechler.net> References: <20091020210034.GB32242@linux1> <4ADEC8D4.2040709@baechler.net> <20091021160241.GA16006@linux1> <4AE01077.7010607@baechler.net> <20091022153810.GA17686@linux1> <4AE1570D.8040105@baechler.net> Comments: In-reply-to Tony Baechler message dated "Fri, 23 Oct 2009 00:11:09 -0700." Date: Fri, 23 Oct 2009 06:55:35 -0500 X-BeenThere: speakup@braille.uwo.ca X-Mailman-Version: 2.1.12 Precedence: list Reply-To: "Speakup is a screen review system for Linux." List-Id: "Speakup is a screen review system for Linux." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2009 11:55:34 -0000 > OK, how does speakupconf work if you're not root? Speakupconf doesn't need to be so discerning. It just copies data to or from /sys, regardless of who is running it. It is a shell script, and it uses ~/.speakup when running as a non-privileged user. The assumption is that settings don't contain any sort of sensitive info. > although the question is still who the current user is. I > would define the current user as the one who is using Speakup at the > time that text is copied to the Speakup clipboard. That is a perfect definition! How do you determine who the current user is? I looked at headers under /usr/src/linux/include yesterday, and there doesn't seem to be any sort of userid field associated with the C structs that represent virtual consoles. I suppose that you could use the number of the virtual console on which the copy / paste operation is being performed. Next, you have to figure out how to contact the X server that the current user is using. If there is going to be any sort of automatic transfer of data between Speakup's cut buffer and the X clipboard, then both of those pieces of info need to be known. Who requested the copy or paste, and where is his X server -- assuming that he is running X? > Another idea would be to require a user to be in a special group, > similar to only making the CD drive accessible to users in the "audio" > group. The group would have to manually be created This is a really good idea, for everything under /sys/accessibility/speakup. The group would be created by the person who packages Speakup for your distro. The file ownerships need to be set correctly whenever speakup's modules are loaded. If you look at "man modprobe.conf", there's a description of something called "install". This "install" primitive allows us to run arbitrary commands whilst loading a module. The people who package Speakup could probably do all of this today, without requiring any change to the Speakup code. This won't solve all the problems related to automatic export / import of the clipboard, though. -- Chris