World writable speakup files in Linux next

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 13, 2010 at 02:06:12PM +0100, Samuel Thibault wrote:
> > >But, the world writable bit can be seen as a big security issue right
> > >now, right?  It would be good to get that fixed, or at the very least,
> > >narrowed down a lot right now.

	Can't you just monitor for keyboard activity alone, as when 
you're in a terminal console, operating the system remotely, you don't 
need to issue commands to SpeakUP?  Only at the local keyboard?

	Maybe it's too complicated because of the kernel or what-not.  I 
don't know.  I just figure that if it's not coming from /dev/Stty#, then 
the command should be allowed, or only allowed if the commands are being 
issued by a logged in user at the console, unless it's a major security 
risk to have the cat accidently pressing a SpeakUp key combo.  If you 
trust a person on your system enough to give them a user account, then 
it stands reasonable that you alsod trust them enough not to F with /sys 
and speakupconf without knowing what they're doing

				Michael



[Index of Archives]     [Linux for the Blind]     [Fedora Discussioin]     [Linux Kernel]     [Yosemite News]     [Big List of Linux Books]
  Powered by Linux