running speech-dispatcher as non-root using setuid on XO and accompanying security issues

Hemant Goyal goyal.hemant at gmail.com
Fri Jul 18 11:55:13 EDT 2008 

Hi,

Thanks all for your inputs :)

I managed to make speech-dispatcher as non-root using /tmp/speechd.pid and
relocating the log files that were being written to /home/olpc/.speechd/.
Since I started speech-dispatcher through the user olpc the log files need
to be in a ~/ of olpc.

@James:

> I have some experience using speech-dispatcher and it seems to me that the
> XO really doesn't need to run speech-dispatcher any differently than any
> other computer does (other than getting rid of unnecessary dependencies of
> course).  My understanding of what you want to do is that you want your
> contro,l panel to change the default settings in speechd.conf and restart
> speech-dispatcher so that all Activities that use speech will have these new
> default values to work with.


In addition to what you have suggested, we want that a user be able to
select speech synthesis settings in sugar-control-panel, and that those
settings transparently get applied to all other client connections without
the knowledge of the developer in the background when a connection is
established.

To my mind doing this (if I understand you correctly) is like burning down
> your house to cook a pig.  Speech-dispatcher lets you override pretty much
> anything in speechd.conf.  Since that is true, isn't the real problem how to
> give Sugar Activities a way to get these values set up for them using some
> data store maintained by your control panel?  The data store doesn't have to
> be speechd.conf.  It could be any file that can be updated by your control
> panel and read by other Activities.  The Sugar API could have a method that
> takes the speechd client as a parameter and applies all the system-wide
> defaults that you are maintaining to it.  After that the Activity could make
> changes on its own and save the values as meta information or whatever.


Right, we did consider this approach but :

   1. maintaining 2 copies of a similar configuration was not an elegant
   design option
   2. we do not want the developer to make any effort whatsoever when they
   connect with speech-dispatcher to read/write/get and apply these settings
   every time they connect to speechd. In short this will lead to redundancy or
   replication of the code throughout activities, which will just be getting
   the settings and then applying them for their client connection.

On the other hand, with the present approach of modifying speechd.conf the
activity developer will not be required to write code to read these settings
from the datastore and apply them for his/her own connection with speechd,
instead the sugar defaults will be read and applied by speech-dispatcher
themselves.

Please let me know in case I have misinterpreted the point made by you.

In any case, speechd does not have to run with dangerous permissions and
> Sugar Activities should get the benefit of your control panel with minimal
> work.


Right, I have fixed this in my RPM package. I will soon be releasing the
newest RPM which wont have any additional dependencies and which can be
started by olpc user on the laptop.

Thanks again for all the inputs.

Cheers!
Hemant
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.laptop.org/pipermail/devel/attachments/20080718/eb414697/attachment.html>

More information about the Devel mailing list