[BRLTTY] contracted braille was Re: permissions on the brlapi.key file

kendell clark coffeekingms at gmail.com
Mon Aug 29 06:16:18 EDT 2016


Hi

John's got a point. I don't use gdm in all of my images, only the gnome 
one. On our mate image I use lightdm. But the brlapi group sounds like a 
great idea. I'll have to talk with the manjaro people and have them 
modify their build scripts, but would simplifying it to "braille" work? 
That way anyone with access to the braille group could use braille, but 
anyone who wasn't couldn't. I'm finally beginning to understand why 
security is so tight. I'd set up the build scripts so that the default 
"sonar" user that's created is in the braille group, and when you 
install it, if you install it, the user that gets created during 
installation gets added to the "braille" group so it just works. There 
is one other thing I thought I'd better bring up, but I'll change the 
subject since this has nothing to do with brlapi.key. If you plug in the 
display after orca and brltty are started, once the "screen not in text 
mode" message goes away, what appears on the display looks like random 
characters until orca is restarted. Is this a brltty issue or an orca 
one? I'm leaning towards orca, but want to make sure before bugging the 
orca list. My users have described it as "chicken scratch" and it does 
look random. It only happens if contracted braille is enabled, otherwise 
you can plug the display in at any time and it works.

Thanks

Kendell Clark



On 08/28/2016 08:48 AM, Dave Mielke wrote:
> [quoted lines by kendell clark on 2016/08/27 at 23:41 -0500]
>
>> I think I understand, brlapi.key is set that way to be more secure.
> Yes. It's installed to be the most secure (only readable by root), and then a
> distribution is free to lessen the security as it sees fit.
>
>> Would specifying read access by everyone, but write and execute access to root
>> only compromise the security?
> That wouldn't be secure at all as anyone would be able to know what it is. The
> reason it should be as secure as it can be is so that untrusted people can't
> take over control of what's on your braille display.
>
>> After all, orca only needs to read the file, not change it.
> That's why it should be readable by Orca without being readable by everyone.
>
> Here's another idea. Create a new group named brlapi. Make /etc/brlapi.key
> owned by root:brlapi and have permissions 640. This'd make it read-write by
> root (for editing) and read-only to any user within the brlapi group. Then add
> the brlapi group as a secondary login group for the gdm user (which Orca runs
> as).
>
>> I don't mean to ask for anything unreasonable, but some of my users are ...
>> very demanding. They expect to plug in their display, either via usb or
>> bluetooth, and have it work immediately. If they have to do so much as a
>> single thing, this is hard
> I agree with those users. It should just work. Making it just work, though,
> shouldn't include making it work poorly.
>
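
The root:brlapi, mode 640 layout proposed in the quoted reply, with a check a distribution's build script could run afterwards. This is an added example, not part of either message and not BRLTTY's own tooling; it assumes GNU stat and the shadow-utils groupadd/usermod, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not BRLTTY's own tooling. Assumes GNU stat (-c) and the
# shadow-utils groupadd/usermod; function names are hypothetical.

# Apply the layout from the thread (run as root; nothing calls this for you).
apply_key_layout() {
    key=${1:-/etc/brlapi.key}
    groupadd -f brlapi &&          # create the group if it does not exist
    chown root:brlapi "$key" &&    # root keeps write access for editing
    chmod 640 "$key" &&            # group read-only, no access for others
    usermod -a -G brlapi gdm       # secondary group for the user Orca runs as
}

# audit_key FILE [OWNER] [GROUP] [MODE]
# Returns 0 only when owner, group and mode all match; 1 on a mismatch;
# 2 when FILE is missing, a symlink, or not a regular file.
audit_key() {
    key=$1; want_owner=${2:-root}; want_group=${3:-brlapi}; want_mode=${4:-640}
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "$key: missing, a symlink, or not a regular file" >&2
        return 2
    fi
    owner=$(stat -c %U "$key")
    group=$(stat -c %G "$key")
    mode=$(stat -c %a "$key")
    rc=0
    [ "$owner" = "$want_owner" ] || { echo "$key: owner is $owner, want $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] || { echo "$key: group is $group, want $want_group" >&2; rc=1; }
    [ "$mode" = "$want_mode" ] || { echo "$key: mode is $mode, want $want_mode" >&2; rc=1; }
    return "$rc"
}

# True if the account database lists GROUP for USER; sessions that are
# already running only pick the membership up at their next login.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}
```

Running `audit_key /etc/brlapi.key` and `user_in_group gdm brlapi` at the end of an image build catches a key that was left world-readable or a login user that was never added to the group.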


