I like the socket approach, but I guess your concern may be why Luke was thinking of using dbus. Still, a denial of service that requires users already be logged into the machine is a far smaller security hole. Right now, a clever hacker could most likely find a way to cause one of the less well-maintained speech-dispatcher subsystems to execute arbitrary code, remotely through a wide-open TCP port. I think a switch to file sockets is a sensible short-term fix. One of my favorite tricks to play on blind guys I'm supporting in Vinux is to start talking to them through the speech-dispatcher TCP port. If you ever let me into a machine on your network, don't be surprised when your machines running Orca start saying the strangest things!

Bill

On Tue, Apr 27, 2010 at 7:07 PM, Samuel Thibault <[email protected]> wrote:
> [email protected], on Tue 27 Apr 2010 14:30:39 -0400, wrote:
>> There is a rather large local security problem with your use of unix
>> sockets. It is very easy for a local hostile user to cause a denial of
>> service, because you put the unix sockets in a world readable place with
>> *very* predictable names. They are so predictable because the only thing
>> that the attacker has to guess is the UID of the user, and because UIDs for
>> standard users start at 1000, and are assigned in order, the attacker would
>> only have to create say 100 files, which with a simple shell script is
>> trivial.
>
> That's actually not really new, compared to the previous TCP/IP
> approach.
>
> The place (or port number) has to be well-known for applications to be
> able to connect to it anyway, so any security layer needs to be added
> after connection.
>
> Samuel
>
> --
> Ubuntu-accessibility mailing list
> [email protected]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-accessibility
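
Added example, not part of the original thread and not speech-dispatcher's code: one way a per-user daemon can keep a well-known Unix socket path while refusing to use a location another local user has pre-created. The function names, the `speechd.sock` file name and the directory layout are assumptions made for illustration.

```python
import os
import socket
import stat


def safe_socket_dir(path):
    """Create or validate a private per-user directory for the socket.

    Raises PermissionError when the path already exists and is not a
    directory owned by us with mode 0700, instead of silently using it.
    """
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may be ours from a previous run, or pre-created by someone else
    st = os.lstat(path)  # lstat: a planted symlink is not followed
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path}: not a directory, refusing to use it")
    if st.st_uid != os.geteuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}, not by us")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path}: accessible to group or other")
    return path


def bind_private_socket(directory, name="speechd.sock"):
    """Bind a listening Unix socket inside a validated private directory."""
    sock_path = os.path.join(safe_socket_dir(directory), name)
    try:
        # Safe only because the directory was just verified as ours and 0700,
        # so nothing in it can have been placed by another user.
        os.unlink(sock_path)
    except FileNotFoundError:
        pass
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)
    os.chmod(sock_path, 0o600)  # the 0700 parent already blocks other users
    srv.listen(1)
    return srv, sock_path
```

A daemon that gets `PermissionError` here should report it and fall back to a different location rather than start without a socket; clients can apply the same ownership check before connecting.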
