
[SpeechIO-190] don't run festival as root on a multiuser system

Apparently there are a number of warnings somewhere about festival not
being the most secure of programs.

It is good that festival, by default, only accepts connections from

Anyone with an account on a machine running festival --server can execute
any shell command with the privileges of the user running festival by

 telnet localhost 1314
 (System "cat /etc/passwd")

Where "cat /etc/passwd" (w/out the quotes) is any command.

It is apparently possible to restrict what functions are usable with
server_safe_functions (have not looked into this).  That would allow you
to disable the System function.  

Kyle did comment, in the beginning, that there could be problems with
possible tainted data getting into the festival server, and executing
functions that we did not wish to execute.  We didn't think about the
possibility of a user just telnetting into the port and doing these things

There is also talk of a text only mode for the festival server, which
would only accept text input instead of scheme code (the scripting
language festival uses, which is a superset of lisp).  

So.. don't run festival as root on a box that anybody else has an account
on.  It would be best to create its own account (called, like, festival),
and su to it in its startup script.  I'll have to modify the default
behavior of speechd to spawn festival su'd to user festival as soon as I
get my Linux drive back (hd crash) and get Linux reinstalled.  

Feel free to do it yourself & send me a patch. 

I will be buggin the festival developers for a text only input mode to
the festival server.  As soon as there is one, speechd will switch to
using it. 
PGP fingerprint = 03 5B 9B A0 16 33 91 2F  A5 77 BC EE 43 71 98 D4
            darxus@op.net / http://www.op.net/~darxus
          Join the Great Internet Mersenne Prime Search
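
A startup wrapper along the lines suggested above, as an added example that is not part of the original post and is not speechd's own code: it starts `festival --server` under a dedicated account and refuses to start it with uid 0. It assumes an account named `festival` already exists and a Linux `su` that accepts `-s` and `-c`; the function name `plan_launch` is hypothetical.

```shell
#!/bin/sh
# Added example: launch "festival --server" under a dedicated account.
# The account name "festival" follows the post's suggestion; the account
# is assumed to have been created already.

SVC_USER=festival

# plan_launch CALLER_UID SVC_UID
# Prints the command line to run; returns non-zero when no safe launch exists.
# SVC_UID is the numeric uid of $SVC_USER, or empty if the account is missing.
plan_launch() {
    caller_uid=$1
    svc_uid=$2
    if [ -z "$svc_uid" ]; then
        echo "account '$SVC_USER' does not exist" >&2
        return 1
    fi
    if [ "$svc_uid" -eq 0 ]; then
        echo "account '$SVC_USER' has uid 0; refusing" >&2
        return 1
    fi
    if [ "$caller_uid" -eq 0 ]; then
        # Started from a root boot script: drop to the service account.
        echo "su -s /bin/sh $SVC_USER -c 'exec festival --server'"
    elif [ "$caller_uid" -eq "$svc_uid" ]; then
        # Already running as the service account: start it directly.
        echo "exec festival --server"
    else
        echo "run this script as root or as '$SVC_USER'" >&2
        return 1
    fi
}

# Only act when called as "script start", so sourcing the file has no effect.
if [ "${1:-}" = "start" ]; then
    cmd=$(plan_launch "$(id -u)" "$(id -u "$SVC_USER" 2>/dev/null)") || exit 1
    eval "$cmd"
fi
```

This only limits what a command run through the server port can touch to the `festival` account's privileges; local users can still reach the port.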