[BRLTTY] permissions on the brlapi.key file

John Covici covici at ccs.covici.com
Sun Aug 28 10:53:03 EDT 2016


Just a minor point: orca only runs as gdm user when on the login
screen, otherwise it runs as the user you logged in as, so the key
needs to be readable by that user as well.

On Sun, 28 Aug 2016 09:48:53 -0400,
Dave Mielke wrote:
> 
> [quoted lines by kendell clark on 2016/08/27 at 23:41 -0500]
> 
> >I think I understand, brlapi.key is set that way to be more secure.
> 
> Yes. It's installed to be the most secure (only readable by root), and then a 
> distribution is free to lessen the security as it sees fit.
> 
> >Would specifying read access by everyone, but write and execute access to root 
> >only compromise the security?
> 
> That wouldn't be secure at all as anyone would be able to know what it is. The 
> reason it should be as secure as it can be is so that untrusted people can't 
> take over control of what's on your braille display.
> 
> >After all, orca only needs to read the file, not change it. 
> 
> That's why it should be readable by Orca without being readable by everyone. 
> 
> Here's another idea. Create a new group named brlapi. Make /etc/brlapi.key 
> owned by root:brlapi and have permissions 640. This'd make it read-write by 
> root (for editing) and read-only to any user within the brlapi group. Then add 
> the brlapi group as a secondary login group for the gdm user (which Orca runs 
> as).
> 
> >I don't mean to ask for anything unreasonable, but some of my users are ... 
> >very demanding. They expect to plug in their display, either via usb or 
> >bluetooth, and have it work immediately. If they have to do so much as a 
> >single thing, this is hard 
> 
> I agree with those users. It should just work. Making it just work, though, 
> shouldn't include making it work poorly.
> 
> -- 
> Dave Mielke           | 2213 Fox Crescent | The Bible is the very Word of God.
> Phone: 1-613-726-0014 | Ottawa, Ontario   | http://Mielke.cc/bible/
> EMail: Dave at Mielke.cc | Canada  K2A 1H7   | http://FamilyRadio.org/
> _______________________________________________
> This message was sent via the BRLTTY mailing list.
> To post a message, send an e-mail to: BRLTTY at mielke.cc
> For general information, go to: http://mielke.cc/mailman/listinfo/brltty

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do you spend it?

         John Covici
         covici at ccs.covici.com
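
The layout proposed in the quoted message (root:brlapi, mode 640, client users in the brlapi group) can be checked per user with a small audit script, which also covers the point that the logged-in user needs read access, not only gdm. This is an added example, not part of the original thread or of BRLTTY; the function names are hypothetical and it assumes GNU coreutils `stat -c`.

```shell
#!/bin/sh
# Added example: audit a BrlAPI key file against the layout from the thread
# (owner root, group brlapi, mode 640, client user in the group).
# Function names are hypothetical; assumes GNU coreutils `stat -c`.

# Print the file's permission bits in octal, e.g. 640.
key_mode() { stat -c '%a' "$1"; }

# Succeed if "other" has any permission bit set on the file.
key_world_accessible() {
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 07 )) -ne 0 ]
}

# Succeed if USER has GROUP as a primary or secondary group.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx -- "$2"
}

# audit_key FILE USER GROUP [OWNER]
# Prints "ok" or a space-separated list of findings; returns 0 only for "ok".
audit_key() {
    a_file=$1 a_user=$2 a_group=$3 a_owner=${4:-root} problems=""
    [ -e "$a_file" ] || { echo "missing"; return 1; }
    if key_world_accessible "$a_file"; then problems="$problems world-accessible"; fi
    a_mode=$(key_mode "$a_file")
    [ $(( 0$a_mode & 040 )) -ne 0 ] || problems="$problems group-cannot-read"
    [ "$(stat -c '%U' "$a_file")" = "$a_owner" ] || problems="$problems wrong-owner"
    [ "$(stat -c '%G' "$a_file")" = "$a_group" ] || problems="$problems wrong-group"
    user_in_group "$a_user" "$a_group" || problems="$problems user-not-in-group"
    if [ -z "$problems" ]; then echo ok; return 0; fi
    echo "${problems# }"
    return 1
}

# Stand-alone use: sh audit.sh /etc/brlapi.key gdm brlapi
if [ "$#" -ge 3 ]; then audit_key "$@"; fi
```

Run it once for gdm and once for each login account that runs Orca; a finding of `user-not-in-group` for the latter is the case raised in the reply above.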

