Hi Greg and all,

If you are reading the speakup mailing list, and you reply to this, please keep all addresses in the to and cc lines as they are and do not drop anyone.

Greg, if you are not subscribed to the speakup list, they will not have seen your original message, so this reply is the first message they will see.

On Fri, Dec 10, 2010 at 11:00:47AM -0800, greg wrote:
> Hi all,
>
> In doing an audit of world writable sysfs files in the kernel tree, it
> turns out that the speakup subsystem has a lot of them.
>
> It's usually not a good idea to allow any user to write to sysfs files,
> unless you are really going to be able to handle it properly.
>
> As I don't want to just blindly remove the world writable permissions on
> all of these files, could someone go through and verify which ones
> should and should not be world writable?

I will look this over, but as far as I know, all of the world writable files in the speakup subsystem represent settings which we want to allow the local user to change.

> Also remember, sysfs files can be set to be owned by specific users by
> udev, so the "local" user to the system can have things set to be
> writable by them if needed. But that happens in userspace, don't set
> the values as writable by any user by default from within the kernel.

I don't know anything about this feature in udev. Is it dynamic, e.g. if I log into my system locally, would I be able to write to these files, then if kirk were physically here and logged into my system, would he be able to write to them?

We have discussed this on the speakup list before, but the only way we knew of to get around it was to use a "speakup" group and make all of the files owned by root and this speakup group. But, that group would then have to have the same name for all Linux distros, and I don't think we want to go that route unless we have to.

I like what you are talking about, Greg, if it works the way I hope it DOES -- being able to change the ownership of the sysfs files on the fly based on who is logged in locally. Can you show me a udev snippet that would allow this? If so, and we can get it to work, what do we need to do to get it in the main udev configuration?

Thanks,

William