Re: Using festival in Orca (opens a shell)
Hello,
Carles Pina i Estany, le dim. 18 janv. 2026 07:54:47 +0100, a ecrit:
> carles@pinux:~$ telnet localhost 1314
> Trying ::1...
> Connection failed: S’ha refusat la connexió
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> (system "whoami > /tmp/festival-whoami2.txt")
> LP
> nil
> ft_StUfF_keyOK
Ah, festival people didn't restrict what you can do with it?
I guess they assumed it wouldn't be run as a system service, but still,
exposing as a tcp port means any user on the system can access this.
The systemd unit recently introduced at least shrinks down the
permissions to the dynamic user permissions, so it actually reduces
the concern to "somebody that has localhost tcp access has access as
anonymous user", which is way better than "somebody that has localhost
tcp access has access as whatever user who happened to start festival."
> If it's a problem, in the short term: should we have a debconf question
> asking if the festival.socket/festival.service should be enabled? (the
> pros and cons)
I don't think it's a too strong concern.
But we'd rather make festival listen on a per-user unix socket and mix
that with systemd so it is auto-activated per-user, contribution
welcome!
Samuel
Reply to: