On Mon, Dec 13, 2010 at 02:06:12PM +0100, Samuel Thibault wrote: > > >But, the world writable bit can be seen as a big security issue right > > >now, right? It would be good to get that fixed, or at the very least, > > >narrowed down a lot right now. Can't you just monitor for keyboard activity alone, as when you're in a terminal console, operating the system remotely, you don't need to issue commands to SpeakUP? Only at the local keyboard? Maybe it's too complicated because of the kernel or what-not. I don't know. I just figure that if it's not coming from /dev/Stty#, then the command should be allowed, or only allowed if the commands are being issued by a logged in user at the console, unless it's a major security risk to have the cat accidently pressing a SpeakUp key combo. If you trust a person on your system enough to give them a user account, then it stands reasonable that you alsod trust them enough not to F with /sys and speakupconf without knowing what they're doing Michael
