RE: /proc/speakup

RE: /proc/speakup

[Klarich, Terry]

For myself, I probably be using group security.  I will create a speakup
group and limit all access to these files to root and to those who are in
the speakup group.

Terry
-----Original Message-----
From: Holmes, Steve [mailto:SAHolmes@ahcccs.state.az.us]
Sent: Thursday, February 15, 2001 3:10 PM
To: 'speakup@braille.uwo.ca'
Subject: RE: /proc/speakup


I could certainly see why.  It was just an idea.  If I were to cast a vote
on this, I would go for root-only access to the /proc/speakup files.  I
think most of the time, speakup would be running on a single blind person's
machine and he/she is probably the only one using it so that person would
most likely have root privileges.

-----Original Message-----
From: Kerry Hoath [mailto:kerry@gotss.eu.org]
Sent: Thursday, February 15, 2001 9:05 AM
To: speakup@braille.uwo.ca
Subject: Re: /proc/speakup


Setuid shellscripts are disabled by default because of the problems they
introduce. You _can_ enable them somehow but it is highly discouraged.
On Thu, Feb 15, 2001 at 07:15:48AM -0700, Holmes, Steve wrote:
> Well, here's an idea; How about making the /proc/speak system root
writeable
> only and provide a user script that could be used by the user and have it
> setuid to update the system.  As I think about this, I suppose that really
> wouldn't be any different than opening up the /proc files.
> 
> -----Original Message-----
> From: Geoff Shang [mailto:gshang@uq.net.au]
> Sent: Thursday, February 15, 2001 6:01 AM
> To: speakup@braille.uwo.ca
> Subject: Re: /proc/speakup 
> 
> 
> On Thu, 15 Feb 2001, Steve Holmes wrote:
> 
> > I thought I heard a while back that only root could update these files.
> > Is that so?
> 
> That is not so.  The files in /proc/speakup apart from the exceptions
> discussed earlier today can be updated by any user on the system.  There
> are some files in /proc/speakup/<synth> (where <synth> is the currently
> used synth) which contain data that, if modified, might cause serious
> damage to the system.  These files therefore can only be modified by root.
> 
> Since the proc file system is only a vertual file system, commands like
> chmod and chown do not actually work, even though they return without
> errors.  The permissions have to be set as part of the speakup code.  Jim
> and I discussed alternative access methods for these files, but the
choices
> seem to be access for all or access for no-one except root, without making
> it a configurable option in either the kernel command line or perhaps the
> kernel config.  Personally, I'd be quite happy to see all this be root
> access only, but I can understand why people might want to be able to
> change synth settings in user-space.
> 
> Geoff.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or
khoath@lis.net.au
ICQ UIN: 8226547


_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

RE: /proc/speakup

[Kirk Wood]

On Mon, 19 Feb 2001, Klarich, Terry wrote:
> For myself, I probably be using group security.  I will create a speakup
> group and limit all access to these files to root and to those who are in
> the speakup group.

I think that this idea is the best one. Perhaps the ownership of the files
could be root.speakup. Then a person can add anyone they desire to the
speakup group for access.

=======
Kirk Wood
Cpt.Kirk@1tree.net

Nothing is hard if you know the answer or are used to doing it.

RE: /proc/speakup

[Geoff Shang]

On Mon, 19 Feb 2001, Kirk Wood wrote:

> I think that this idea is the best one. Perhaps the ownership of the files
> could be root.speakup. Then a person can add anyone they desire to the
> speakup group for access.

This is a good idea, but can't be done (or at least, can't be done easily).
Remember that the proc files are vertual files, not actual files.  Because
of this, you can't change the ownership of them like you would ordinary
files.  Jim or Kirk can't hard-code in this ownership either.  The reason
is that the ownership is determined by user and group ID numbers.  Kirk and
Jim have no way of knowing what group ID such a speakup group would have on
a system, and speakup wouldn't be able to look in /etc/group when it loads
because the file system wouldn't yet be mounted.  So, as far as I can see,
root has to be the owner and group since you know that they are user and
group 0.

Geoff.

RE: /proc/speakup

[Holmes, Steve]

I could certainly see why.  It was just an idea.  If I were to cast a vote
on this, I would go for root-only access to the /proc/speakup files.  I
think most of the time, speakup would be running on a single blind person's
machine and he/she is probably the only one using it so that person would
most likely have root privileges.

-----Original Message-----
From: Kerry Hoath [mailto:kerry@gotss.eu.org]
Sent: Thursday, February 15, 2001 9:05 AM
To: speakup@braille.uwo.ca
Subject: Re: /proc/speakup


Setuid shellscripts are disabled by default because of the problems they
introduce. You _can_ enable them somehow but it is highly discouraged.
On Thu, Feb 15, 2001 at 07:15:48AM -0700, Holmes, Steve wrote:
> Well, here's an idea; How about making the /proc/speak system root
writeable
> only and provide a user script that could be used by the user and have it
> setuid to update the system.  As I think about this, I suppose that really
> wouldn't be any different than opening up the /proc files.
> 
> -----Original Message-----
> From: Geoff Shang [mailto:gshang@uq.net.au]
> Sent: Thursday, February 15, 2001 6:01 AM
> To: speakup@braille.uwo.ca
> Subject: Re: /proc/speakup 
> 
> 
> On Thu, 15 Feb 2001, Steve Holmes wrote:
> 
> > I thought I heard a while back that only root could update these files.
> > Is that so?
> 
> That is not so.  The files in /proc/speakup apart from the exceptions
> discussed earlier today can be updated by any user on the system.  There
> are some files in /proc/speakup/<synth> (where <synth> is the currently
> used synth) which contain data that, if modified, might cause serious
> damage to the system.  These files therefore can only be modified by root.
> 
> Since the proc file system is only a vertual file system, commands like
> chmod and chown do not actually work, even though they return without
> errors.  The permissions have to be set as part of the speakup code.  Jim
> and I discussed alternative access methods for these files, but the
choices
> seem to be access for all or access for no-one except root, without making
> it a configurable option in either the kernel command line or perhaps the
> kernel config.  Personally, I'd be quite happy to see all this be root
> access only, but I can understand why people might want to be able to
> change synth settings in user-space.
> 
> Geoff.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or
khoath@lis.net.au
ICQ UIN: 8226547


_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: /proc/speakup

[Kerry Hoath]

I seem to recall that alsa sets the permitions on /proc/asound with
a command-line option we might be able to steal the code to do it.
Alternatively we could have a /proc/speakup/access file root only accessable
and if you want to open up the rest of the files echo 1 >/proc/speakup/access from one of the startup
scripts like /proc/sys/net/ipv4/ip_forward does.
That way we keep both camps happy. If you want the files open you say so
in the boot scripts, if not the default can be paranoia.
Comments anyone?
On Thu, Feb 15, 2001 at 02:09:35PM -0700, Holmes, Steve wrote:
> I could certainly see why.  It was just an idea.  If I were to cast a vote
> on this, I would go for root-only access to the /proc/speakup files.  I
> think most of the time, speakup would be running on a single blind person's
> machine and he/she is probably the only one using it so that person would
> most likely have root privileges.
> 
> -----Original Message-----
> From: Kerry Hoath [mailto:kerry@gotss.eu.org]
> Sent: Thursday, February 15, 2001 9:05 AM
> To: speakup@braille.uwo.ca
> Subject: Re: /proc/speakup
> 
> 
> Setuid shellscripts are disabled by default because of the problems they
> introduce. You _can_ enable them somehow but it is highly discouraged.
> On Thu, Feb 15, 2001 at 07:15:48AM -0700, Holmes, Steve wrote:
> > Well, here's an idea; How about making the /proc/speak system root
> writeable
> > only and provide a user script that could be used by the user and have it
> > setuid to update the system.  As I think about this, I suppose that really
> > wouldn't be any different than opening up the /proc files.
> > 
> > -----Original Message-----
> > From: Geoff Shang [mailto:gshang@uq.net.au]
> > Sent: Thursday, February 15, 2001 6:01 AM
> > To: speakup@braille.uwo.ca
> > Subject: Re: /proc/speakup 
> > 
> > 
> > On Thu, 15 Feb 2001, Steve Holmes wrote:
> > 
> > > I thought I heard a while back that only root could update these files.
> > > Is that so?
> > 
> > That is not so.  The files in /proc/speakup apart from the exceptions
> > discussed earlier today can be updated by any user on the system.  There
> > are some files in /proc/speakup/<synth> (where <synth> is the currently
> > used synth) which contain data that, if modified, might cause serious
> > damage to the system.  These files therefore can only be modified by root.
> > 
> > Since the proc file system is only a vertual file system, commands like
> > chmod and chown do not actually work, even though they return without
> > errors.  The permissions have to be set as part of the speakup code.  Jim
> > and I discussed alternative access methods for these files, but the
> choices
> > seem to be access for all or access for no-one except root, without making
> > it a configurable option in either the kernel command line or perhaps the
> > kernel config.  Personally, I'd be quite happy to see all this be root
> > access only, but I can understand why people might want to be able to
> > change synth settings in user-space.
> > 
> > Geoff.
> > 
> > 
> > 
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > 
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> > 
> 
> -- 
> --
> Kerry Hoath: kerry@gotss.eu.org
> Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or
> khoath@lis.net.au
> ICQ UIN: 8226547
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or khoath@lis.net.au
ICQ UIN: 8226547

Re: /proc/speakup

[Frank Carmickle]

I like this idea.

On Fri, 16 Feb 2001, Kerry Hoath wrote:

> I seem to recall that alsa sets the permitions on /proc/asound with
> a command-line option we might be able to steal the code to do it.
> Alternatively we could have a /proc/speakup/access file root only accessable
> and if you want to open up the rest of the files echo 1 >/proc/speakup/access from one of the startup
> scripts like /proc/sys/net/ipv4/ip_forward does.
> That way we keep both camps happy. If you want the files open you say so
> in the boot scripts, if not the default can be paranoia.
> Comments anyone?

RE: /proc/speakup

[Holmes, Steve]

Well, here's an idea; How about making the /proc/speak system root writeable
only and provide a user script that could be used by the user and have it
setuid to update the system.  As I think about this, I suppose that really
wouldn't be any different than opening up the /proc files.

-----Original Message-----
From: Geoff Shang [mailto:gshang@uq.net.au]
Sent: Thursday, February 15, 2001 6:01 AM
To: speakup@braille.uwo.ca
Subject: Re: /proc/speakup 


On Thu, 15 Feb 2001, Steve Holmes wrote:

> I thought I heard a while back that only root could update these files.
> Is that so?

That is not so.  The files in /proc/speakup apart from the exceptions
discussed earlier today can be updated by any user on the system.  There
are some files in /proc/speakup/<synth> (where <synth> is the currently
used synth) which contain data that, if modified, might cause serious
damage to the system.  These files therefore can only be modified by root.

Since the proc file system is only a vertual file system, commands like
chmod and chown do not actually work, even though they return without
errors.  The permissions have to be set as part of the speakup code.  Jim
and I discussed alternative access methods for these files, but the choices
seem to be access for all or access for no-one except root, without making
it a configurable option in either the kernel command line or perhaps the
kernel config.  Personally, I'd be quite happy to see all this be root
access only, but I can understand why people might want to be able to
change synth settings in user-space.

Geoff.



_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

RE: /proc/speakup

[Geoff Shang]

Hi:

Well I'd reckon root only and implement sudo or just use su if you want to
change it.

Geoff.

Re: /proc/speakup

[Kerry Hoath]

Setuid shellscripts are disabled by default because of the problems they
introduce. You _can_ enable them somehow but it is highly discouraged.
On Thu, Feb 15, 2001 at 07:15:48AM -0700, Holmes, Steve wrote:
> Well, here's an idea; How about making the /proc/speak system root writeable
> only and provide a user script that could be used by the user and have it
> setuid to update the system.  As I think about this, I suppose that really
> wouldn't be any different than opening up the /proc files.
> 
> -----Original Message-----
> From: Geoff Shang [mailto:gshang@uq.net.au]
> Sent: Thursday, February 15, 2001 6:01 AM
> To: speakup@braille.uwo.ca
> Subject: Re: /proc/speakup 
> 
> 
> On Thu, 15 Feb 2001, Steve Holmes wrote:
> 
> > I thought I heard a while back that only root could update these files.
> > Is that so?
> 
> That is not so.  The files in /proc/speakup apart from the exceptions
> discussed earlier today can be updated by any user on the system.  There
> are some files in /proc/speakup/<synth> (where <synth> is the currently
> used synth) which contain data that, if modified, might cause serious
> damage to the system.  These files therefore can only be modified by root.
> 
> Since the proc file system is only a vertual file system, commands like
> chmod and chown do not actually work, even though they return without
> errors.  The permissions have to be set as part of the speakup code.  Jim
> and I discussed alternative access methods for these files, but the choices
> seem to be access for all or access for no-one except root, without making
> it a configurable option in either the kernel command line or perhaps the
> kernel config.  Personally, I'd be quite happy to see all this be root
> access only, but I can understand why people might want to be able to
> change synth settings in user-space.
> 
> Geoff.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or khoath@lis.net.au
ICQ UIN: 8226547

RE: /proc/speakup

[Holmes, Steve]

No way!  I say, "Keep /proc/speakup."  I think these /proc systems are a
real powerful thing.  Lots to learn about them but I see a lot of potential
here.

-----Original Message-----
From: Tyler Spivey [mailto:tyler@wapvi.bc.ca]
Sent: Wednesday, February 14, 2001 7:14 PM
To: speakup@braille.uwo.ca
Subject: re: /proc/speakup


/proc/speakup was a bad idea. because:
1. if a hacker gained root, you couldn't turn off the net or something
without speech. (if
someone shut it off)
i think a keypad configuration system would be in order. use one of the
unused keys, or see if numlock is on/off, and if its one way, use rate pitch
and volume on the keypad.
check if scroll lock is on (no one uses it) and do other things.
scroll+num, +caps. things like that.
just my 2 sents. and i'm looking for someone that can give me free synths,
(i almost had one, 
but the guy got really mad and ignores me).

_______________________________________________
Speakup mailing list
Speakup@braille.uwo.ca
http://speech.braille.uwo.ca/mailman/listinfo/speakup

re: /proc/speakup

[Tyler Spivey]

/proc/speakup was a bad idea. because:
1. if a hacker gained root, you couldn't turn off the net or something without speech. (if
someone shut it off)
i think a keypad configuration system would be in order. use one of the unused keys, or see if numlock is on/off, and if its one way, use rate pitch and volume on the keypad.
check if scroll lock is on (no one uses it) and do other things.
scroll+num, +caps. things like that.
just my 2 sents. and i'm looking for someone that can give me free synths, (i almost had one, 
but the guy got really mad and ignores me).

Re: /proc/speakup

[Buddy Brannan]

*ROFL* OK, so...umm...what, exactly, does this mean in real terms? That
/proc/speakup is a bad idea, I mean? You are creating artificial
scenarios. Anything can be used or misused. So what, should we have
nothing that uses /proc or can have its settings changed there? Should we,
in fact, not allow any programs to run useful things because some evyl
hacker (TM) might misuse it? Oh, I know, let's not allow anyone to do
anything. Then your system will be really secure. Can't trust
scripts--let's get rid of scripts, and scripting languages, OK?

Gosh. I can't understand why anyone would be mad at you and not respond to
your Emails. 

And if you find someone passing out free hardware (synth or otherwise),
send them my way, OK? I'll take free stuff, although I will not, as a
friend of mine will, take a spitting cobra if it's free.

Thank you, drive through.




-- 
Buddy Brannan, KB5ELV    | I choose you to take up all of my time.
Email: davros@ycardz.com | I choose you because you're funny and kind
Phone: (972) 276-6360    | I want easy people from now on.
                         | --the Nields

re: /proc/speakup

[Raul A. Gallegos]

The best and most complete firewall is to get rid of the physical layer which is the first of 7 layers of osi networking.  Of course when you physically unplug 
your machne off the network you can't go anywhere either yourself.  What I'm getting at is that /proc/speakup isn't any more or less secure than anything 
else in /proc.

On Wed, 14 Feb 2001 18:14:20 -0800, Tyler Spivey wrote:

>/proc/speakup was a bad idea. because:
>1. if a hacker gained root, you couldn't turn off the net or something without speech. (if
>someone shut it off)
>i think a keypad configuration system would be in order. use one of the unused keys, or see if numlock is on/off, and if its one way, use rate pitch and 
volume on the keypad.
>check if scroll lock is on (no one uses it) and do other things.
>scroll+num, +caps. things like that.
>just my 2 sents. and i'm looking for someone that can give me free synths, (i almost had one, 
>but the guy got really mad and ignores me).
>
>_______________________________________________
>Speakup mailing list
>Speakup@braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup
>



Raul A. Gallegos -- raul@asmodean.net
msn id: ragallegos@hotmail.com -- icq: 5283055
http://www.asmodean.net

re: /proc/speakup

[Kirk Wood]

On Wed, 14 Feb 2001, Tyler Spivey wrote:
> /proc/speakup was a bad idea. because:
> 1. if a hacker gained root, you couldn't turn off the net or something without speech. (if
> someone shut it off)

If someone hacks your box, you had best just shut the machine off, or
remove it from the network with the cable. Anything else is asking for
things to get worse. But let me give some more detail here:

1) If they compromise your system how do you know when you have regained
complete control? The wise thing to do is to completely re-install the OS
saving only the home directory.

2) As Bill pointed out haow many will even go for this? Hello?? Unless
they are on the list they will need to go find out how to do all these
evil nasty things. If this is a problem you need to replace your
"friends."

3) Perhaps if this is a serious threat the fact they can shut down the
volume is not good it is great. At least you will know someone is messing
arround. Chances are if it is a real hacker and you notice the first
indication is that you can't log in.

4) Someone messing with your speakup is showing they know something about
the product. Evan as vast a user base as speakup has, this is a limiting
factor. Spend your energy lowering your chances of being hacked. Learn
more about ipchains and other security tools.

=======
Kirk Wood
Cpt.Kirk@1tree.net

Nothing is hard if you know the answer or are used to doing it.

re: /proc/speakup

[Brent Harding]

If one backed up, use the last backup before you were compromised, so long
as things weren't backed up again after the compromise.
At 09:11 PM 2/14/01 -0600, you wrote:
>On Wed, 14 Feb 2001, Tyler Spivey wrote:
>> /proc/speakup was a bad idea. because:
>> 1. if a hacker gained root, you couldn't turn off the net or something
without speech. (if
>> someone shut it off)
>
>If someone hacks your box, you had best just shut the machine off, or
>remove it from the network with the cable. Anything else is asking for
>things to get worse. But let me give some more detail here:
>
>1) If they compromise your system how do you know when you have regained
>complete control? The wise thing to do is to completely re-install the OS
>saving only the home directory.
>
>2) As Bill pointed out haow many will even go for this? Hello?? Unless
>they are on the list they will need to go find out how to do all these
>evil nasty things. If this is a problem you need to replace your
>"friends."
>
>3) Perhaps if this is a serious threat the fact they can shut down the
>volume is not good it is great. At least you will know someone is messing
>arround. Chances are if it is a real hacker and you notice the first
>indication is that you can't log in.
>
>4) Someone messing with your speakup is showing they know something about
>the product. Evan as vast a user base as speakup has, this is a limiting
>factor. Spend your energy lowering your chances of being hacked. Learn
>more about ipchains and other security tools.
>
>=======
>Kirk Wood
>Cpt.Kirk@1tree.net
>
>Nothing is hard if you know the answer or are used to doing it.
>
>
>_______________________________________________
>Speakup mailing list
>Speakup@braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup
>
>
>

Re: /proc/speakup

[Kerry Hoath]

Oh wow! so what stops a hacker from patching the running kernel?
How about stuffing keystrokes into the kernel's keyboard routines?
Who says nobody uses scroll lock? It is used to stop scrolling on the console
if I remember correctly.
You have to way up usability verses security, what if I want to change the speeech rates on a machine
200 miles away but I just can't quite reach the keypad from here :-P
Perhapse we should remove the /proc file system altogether from the kernel and go back to using evil software
with hidious security problems that use bizare and antiquated ioctls?
Obviously not.

Regarding free synthisizers; I have a votrax pss here <wicked grin>
Remember the synthisizers that work well with speakup are of sufficient complexity
which means they aren't cheap. Most people with them are understandably
unwilling to part with them.
Either get a real pc (P166 or better) or save the $250US for a doubletalk.
Failing that; write a braillenote driver for us.
The codes are documented, I can even get you keynote gold control codes if you
have something of that type.
Your other option is to pick up an old symphonics or similar card; jam it in an XT with a floppy drive,
get some real comms software like commo or ms-kermit
(not telix) and use serial terminals. They work
just fine.
With the serial terminal you now have write a driver for your favourite synth and contribute it.
You might even pick up an internal doubletalk card rather cheap; especially if it has old roms.
Perhapse somebody has an echo GP you could write a driver for that's a hellishly simple command-set.

Regards, Kerry.
On Wed, Feb 14, 2001 at 06:14:20PM -0800, Tyler Spivey wrote:
> /proc/speakup was a bad idea. because:
> 1. if a hacker gained root, you couldn't turn off the net or something without speech. (if
> someone shut it off)
> i think a keypad configuration system would be in order. use one of the unused keys, or see if numlock is on/off, and if its one way, use rate pitch and volume on the keypad.
> check if scroll lock is on (no one uses it) and do other things.
> scroll+num, +caps. things like that.
> just my 2 sents. and i'm looking for someone that can give me free synths, (i almost had one, 
> but the guy got really mad and ignores me).
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or khoath@lis.net.au
ICQ UIN: 8226547

re: /proc/speakup

[Geoff Shang]

On Wed, 14 Feb 2001, Tyler Spivey wrote:

> /proc/speakup was a bad idea. because: 1. if a hacker gained root, you
> couldn't turn off the net or something without speech. (if someone shut
> it off)

Yeah I could, pull the plug out.  That'd stop 'em.

> i think a keypad configuration system would be in order. use one of the

This is no good, you couldn't configure your system to automatically load
your desired settings (refer to today's earlier posts).  Anyway, someone
can easily load in a bogus keymap, which would hurt more than just having
no speech.

> sents. and i'm looking for someone that can give me free synths, (i
> almost had one, but the guy got really mad and ignores me).

I'll have it.

Geoff.

Re: /proc/speakup

[Gene Collins]

Hi all.  The proc/speakup system was designed to allow users to more
easily control various speakup/synthesizer configuration parameters. 
The idea that you can't stop a hacker from doing something just because
you don't have speech is ludicrous.  Hasn't anyone ever heard of just
pulling the cable, or hitting control alt-del to reboot the machine?  If
you have a hacker on your system, you'll probably want to reboot into
single user mode anyway, in order to clean up what he/she has been
doing.  The other advantage to the proc/speakup system is that it allows
folks to set speech parameters during the installation process of Linux
in order to make speech more understandable.  It also means you don't
have to get some other program to configure your speech, the
configuration capability is already built into speakup itself.  As for
keyboard configuration, rtfm about keymaps and load and dump keys, and
you can configure your keyboard just about anyway you like.  The moral
of the storry, don't look a gift horse in the mouth!

Gene Collins


>/proc/speakup was a bad idea. because:
>1. if a hacker gained root, you couldn't turn off the net or something without
 speech. (if
>someone shut it off)
>i think a keypad configuration system would be in order. use one of the unused
 keys, or see if numlock is on/off, and if its one way, use rate pitch and volu
me on the keypad.
>check if scroll lock is on (no one uses it) and do other things.
>scroll+num, +caps. things like that.
>just my 2 sents. and i'm looking for someone that can give me free synths, (i 
almost had one, 
>but the guy got really mad and ignores me).
>
>_______________________________________________
>Speakup mailing list
>Speakup@braille.uwo.ca
>http://speech.braille.uwo.ca/mailman/listinfo/speakup

/proc/speakup

[Tyler Spivey]

immagin tis: a hacker is threating your system, and ou ar running speakup.
though theirs no way ot shut it off, with /proc/speakup you can mess it up. sinceany ser cn write t it (i think),
people could adjust your rat and stuff while they do their work, and by the time you had it running, you'd be dead.
i'm lucky i'm behind some kind of firewall myself, for when i get better internet i'll be faced with maybe a hacker or 2.
and i fi bring my braille lite home, i'll probably plug it in again with speakup.

Re: /proc/speakup

[Buddy Brannan]

Ooh, gotta watch out for those evyl hackers. 


-- 
Buddy Brannan, KB5ELV    | I choose you to take up all of my time.
Email: davros@ycardz.com | I choose you because you're funny and kind
Phone: (972) 276-6360    | I want easy people from now on.
                         | --the Nields

Re: /proc/speakup

[Geoff Shang]

Hi:

Well of course, you can still be behind a firewall if you run one on the
linux box itself, but your point is a good one.  As much as I don't fear
hackers, I am bothered that another user could arbitrarily set my speech
params to something else, like the volume to minimum or something.  Jim and
I are debating this currently on the reflector.

My current thinking is to make it all root writeable only and get users to
implement sudo for non-root access, but unless you want to force this
situation onto people you need to make the proc/speakup permissions
settable, which they aren't at present.

Geoff.

Re: /proc/speakup

[Steve Holmes]

I thought I heard a while back that only root could update these files.
Is that so?

On Thu, 15 Feb 2001, Geoff Shang wrote:

> Hi:
> 
> Well of course, you can still be behind a firewall if you run one on the
> linux box itself, but your point is a good one.  As much as I don't fear
> hackers, I am bothered that another user could arbitrarily set my speech
> params to something else, like the volume to minimum or something.  Jim and
> I are debating this currently on the reflector.
> 
> My current thinking is to make it all root writeable only and get users to
> implement sudo for non-root access, but unless you want to force this
> situation onto people you need to make the proc/speakup permissions
> settable, which they aren't at present.
> 
> Geoff.
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

Re: /proc/speakup

[Geoff Shang]

On Thu, 15 Feb 2001, Steve Holmes wrote:

> I thought I heard a while back that only root could update these files.
> Is that so?

That is not so.  The files in /proc/speakup apart from the exceptions
discussed earlier today can be updated by any user on the system.  There
are some files in /proc/speakup/<synth> (where <synth> is the currently
used synth) which contain data that, if modified, might cause serious
damage to the system.  These files therefore can only be modified by root.

Since the proc file system is only a vertual file system, commands like
chmod and chown do not actually work, even though they return without
errors.  The permissions have to be set as part of the speakup code.  Jim
and I discussed alternative access methods for these files, but the choices
seem to be access for all or access for no-one except root, without making
it a configurable option in either the kernel command line or perhaps the
kernel config.  Personally, I'd be quite happy to see all this be root
access only, but I can understand why people might want to be able to
change synth settings in user-space.

Geoff.

Re: /proc/speakup

[William F. Acker WB2FLW +1-303-777-8123]

Oh,yeah.  Millions of script kiddies are just drooling over the
prospect of messing with a system running Speakup.  Such a widely known
and used product, don't ya know.  BTW, I think one already got to your
keyboard.





          Bill in Denver

On Wed, 14 Feb 2001, Tyler Spivey wrote:

> immagin tis: a hacker is threating your system, and ou ar running speakup.
> though theirs no way ot shut it off, with /proc/speakup you can mess it up. sinceany ser cn write t it (i think),
> people could adjust your rat and stuff while they do their work, and by the time you had it running, you'd be dead.
> i'm lucky i'm behind some kind of firewall myself, for when i get better internet i'll be faced with maybe a hacker or 2.
> and i fi bring my braille lite home, i'll probably plug it in again with speakup.
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

Re: /proc/speakup

[raul]

The thing about hackers is they normally don't attack someone to hurt
them, they just do it to see if they can.  For the most part uunless you
are a well-known annoyance or large company with valuable secrets you
dont' have to worry.  Having a good firewall is good though to prevent
nosy folks from seeing what you got.


On Wed, 14 Feb 2001, Tyler Spivey wrote:

> Date: Wed, 14 Feb 2001 16:30:44 -0800
> From: Tyler Spivey <tyler@wapvi.bc.ca>
> Reply-To: speakup@braille.uwo.ca
> To: speakup@braille.uwo.ca
> Subject: /proc/speakup
>
> immagin tis: a hacker is threating your system, and ou ar running speakup.
> though theirs no way ot shut it off, with /proc/speakup you can mess it up. sinceany ser cn write t it (i think),
> people could adjust your rat and stuff while they do their work, and by the time you had it running, you'd be dead.
> i'm lucky i'm behind some kind of firewall myself, for when i get better internet i'll be faced with maybe a hacker or 2.
> and i fi bring my braille lite home, i'll probably plug it in again with speakup.
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
>

Re: /proc/speakup

[Kerry Hoath]

Most hackers will have obtained root access to your system rather
quickly, so although making the /proc filesystem permitions setable is a good idea,
the average hacker with root access can circumvent this.
Also, how many hackers will know to look for a /proc/speakup directory? From a remote point
of view you can't see that speakup is running on a box unless you know what you
are looking for, config files in /etc; /proc etc.
A hacker can just as easily trash your sound volumes or file systems if they have root.
Once a user is in the system; security is questionable at best.
Keep hackers out of the system by preventing them from getting past the login prompt.
/bin/login is your first line of defence; use it.
Bad passwords will let more script kiddies into your system faster than the
esoteric buffer overflow only exploitable on the night of a fullmoon
whilst the wolves are howling at the back (not the front) door :-)
Keep passwords in the clear off the network. Regular pop3 is a bad thing, unless you
use md5 authentication; if you must telnet, use ssltelnet on
both ends. If you must ssh, keep it up to date.
A recent buffer overflow in openssh was fixed that could allow root access.

If you want total security, unplug your computer and turn it off.
If you want excellent security; don't connect it to the internet :-)

Regards, Kerry.
On Wed, Feb 14, 2001 at 04:30:44PM -0800, Tyler Spivey wrote:
> immagin tis: a hacker is threating your system, and ou ar running speakup.
> though theirs no way ot shut it off, with /proc/speakup you can mess it up. sinceany ser cn write t it (i think),
> people could adjust your rat and stuff while they do their work, and by the time you had it running, you'd be dead.
> i'm lucky i'm behind some kind of firewall myself, for when i get better internet i'll be faced with maybe a hacker or 2.
> and i fi bring my braille lite home, i'll probably plug it in again with speakup.
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

-- 
--
Kerry Hoath: kerry@gotss.eu.org
Alternates: kerry@emusys.com.au kerry@gotss.spice.net.au or khoath@lis.net.au
ICQ UIN: 8226547