Speech Dispatcher 0.7 Beta -- Please help with testing

[Bill Cox]

I like the socket approach, but I guess your concern may be why Luke
was thinking of using dbus.  Still, a denial of service that requires
users already be logged into the machine is a far smaller security
hole.  Right now, a clever hacker could most likely find a way to
cause one of the less well maintained speech-dispatcher subsystems to
execute arbitrary code, remotely though a wide-open TCP port.  I think
a switch to file sockets is a sensible short-term fix.  One of my
favorite tricks to play on blind guys I'm supporting in Vinux is to
start talking to them through the speech-dispatcher TCP port.  If you
ever let me into a machine on your network, don't be surprised when
your machines running Orca start saying the strangest things!

Bill

On Tue, Apr 27, 2010 at 7:07 PM, Samuel Thibault
<samuel.thibault at ens-lyon.org> wrote:
> trev.saunders at gmail.com, le Tue 27 Apr 2010 14:30:39 -0400, a ?crit :
>> THere is a rather large local security problem with your use of unix 
>> sockets. ?It is very easy for a local hostile user to cause a denial of 
>> service, because you put the unix sockets in a world readable place with 
>> *very* predictable names. ?They are so predictable because a the only thing 
>> that the attacker has to gues is the UID of the user, and because UID's for 
>> standard users start at 1000, and are assigned in order, the attacker would 
>> only have to create say 100 files, wich with a simple shell script is 
>> trivial.
>
> That's actually not really new, compared to the previous TCP/IP
> approach.
>
> The place (or port number) has to be well-known for applications to be
> able to connect to it anyway, so any security layer needs to be added
> after connection.
>
> Samuel
>
> --
> Ubuntu-accessibility mailing list
> Ubuntu-accessibility at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-accessibility
>