Package: gnome-orca Version: 3.4.2-2 Severity: normal Hi Orca folks--
It looks like the gnome screen-reader reads back every key pressed into a password text entry field. If the computer in question has public audio enabled, this effectively reads the user's password aloud to anyone else in the room. Most egregiously, this happens in the gdm3 login greeter during password entry. This is particularly bad because anyone (without authentication) can enable the screen reader for the gdm3 greeter via the accessibility menu (see http://bugs.debian.org/689559), and leave it that way for the next person who logs in. I note that sometimes (i haven't been able to track down what the difference is), gnome does read each character of the password text as "asterisk". that's clumsy, but it's way better from a security point of view than the behavior i'm currently seeing (hearing). To reproduce the problem, i launched a kvm guest with a minimal wheezy install, then installed (without Recommends): xserver-xorg orca gnome-orca pulseaudio pulseaudio-module-x11 xbrlapi gnome-mag libbonobo2-bin speech-dispatcher-festival festvox-kallpc16k sox sound-icons openbox at-spi2-core desktop-base gnome-icon-theme-symbolic and then, finally: apt-get install gdm3 It seems likely that an even more minimalist config could reproduce the problem too. --dkg -- System Information: Debian Release: 7.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages gnome-orca depends on: ii gir1.2-gtk-3.0 3.4.2-6 ii gir1.2-pango-1.0 1.30.0-1 ii gir1.2-wnck-3.0 3.4.2-1 ii python 2.7.3-4+deb7u1 ii python-brlapi 4.4-10+deb7u1 ii python-cairo 1.8.8-1+b2 ii python-dbus 1.1.1-1 ii python-gi 3.2.2-2 ii python-louis 2.4.1-1 ii python-pyatspi2 2.5.3+dfsg-3 ii python-speechd 0.7.1-6.2 ii python-support 1.0.15 ii python-xdg 0.19-5 ii speech-dispatcher 0.7.1-6.2 Versions of packages gnome-orca recommends: ii gnome-mag 1:0.16.3-1 ii wget 1.13.4-3 ii xbrlapi 4.4-10+deb7u1 gnome-orca suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
