Re: Bug#352303: ITP: gsynaptics -- configuration tool for Synaptics touchpad driver of X
la, 2006-02-11 kello 13:30 +0900, Osamu Aoki kirjoitti:
> GSynaptics is a configuration tool for Synaptics touchpad driver
> of X server. Before you use this package, please read
> /usr/share/doc/gsynaptics/README and configure X server properly.
"Properly" is a bad word to use in this context, since the configuration
in question seems to result in a potential security problem. From the
xfree86-driver-synaptics README.Debian file:
If you want to be able to change driver parameters without
restarting the X server, enable the "SHMConfig" option in the X
configuration file. You can then use the "synclient" program to
query and modify driver parameters on the fly.
SECURITY NOTE! This is not secure if you are in an untrusted
multiuser environment. All local users can change the parameters at
I think it would be fair to add a similar note to the description of the
Note that I'm not saying that this is a serious problem with the
package: in many situations it does not matter if the touchpad settings
can be changed by any local user. For example, on a laptop with only a
single user account, or with many accounts but no way to log in via a
network. These can be an acceptable risk for the ease of configuration.
It is, however, important to notify the person installing the package
about the issue.
Even a bad picture is worth 500 words. --Droidy