[BRLTTY] Lacking privilege separation on Linux regarding the brltty service user
Samuel Thibault
samuel.thibault at ens-lyon.org
Wed Dec 13 11:47:30 EST 2023
Hello,
matthias.gerstner at suse.de, le mer. 13 déc. 2023 15:06:16 +0100, a ecrit:
> - root:
> - for USB I/O via USBFS (using the devices in /dev/bus/usb/).
> - for creating virtual devices via the uinput device.
> - cap_sys_admin: For injecting input characters typed on a braille device.
These are currently essential for most uses, we can't really disable
them.
> Maybe this is an area where brltty on Linux can be improved in future
> releases.
The improvement is not needed in brltty, but in Linux, to provide
capabilities that allow what we need. For instance we had been
asking/proposing for the input character injection, without answers...
Samuel
More information about the BRLTTY
mailing list