Speech Dispatcher 0.7 Beta -- Please help with testing

[Bill Cox]

I like the socket approach, but I guess your concern may be why Luke
was thinking of using dbus.  Still, a denial of service that requires
users already be logged into the machine is a far smaller security
hole.  Right now, a clever hacker could most likely find a way to
cause one of the less well maintained speech-dispatcher subsystems to
execute arbitrary code, remotely though a wide-open TCP port.  I think
a switch to file sockets is a sensible short-term fix.  One of my
favorite tricks to play on blind guys I'm supporting in Vinux is to
start talking to them through the speech-dispatcher TCP port.  If you
ever let me into a machine on your network, don't be surprised when
your machines running Orca start saying the strangest things!

Bill

On Tue, Apr 27, 2010 at 7:07 PM, Samuel Thibault
<samuel.thibault at ens-lyon.org> wrote:
> trev.saunders at gmail.com, le Tue 27 Apr 2010 14:30:39 -0400, a écrit :
>> THere is a rather large local security problem with your use of unix sockets.  It is very easy for a local hostile user to cause a denial of service, because you put the unix sockets in a world readable place with *very* predictable names.  They are so predictable because a the only thing that the attacker has to gues is the UID of the user, and because UID's for standard users start at 1000, and are assigned in order, the attacker would only have to create say 100 files, wich with a simple shell script is trivial.
>
> That's actually not really new, compared to the previous TCP/IP
> approach.
>
> The place (or port number) has to be well-known for applications to be
> able to connect to it anyway, so any security layer needs to be added
> after connection.
>
> Samuel
>
> --
> Ubuntu-accessibility mailing list
> Ubuntu-accessibility at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-accessibility
>