[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87psv784sw.fsf@deneb.enyo.de>
Date: Tue May 31 22:27:24 2005
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Reminder: XGrabKeyboard is not a security
interface
Some application authors assume that the XGrabKeyboard function can be
used to obtain exclusive access to the keyboard, to prevent other X11
clients on the same display from eavesdropping key presses (such as
passwords). It's been known for some time that this is not the case
(for example, Casper H.S. Dik mentioned this in a November 1994
posting, <3afddh$1hq@...l.fwi.uva.nl>): clients can poll the keyboard
using XQueryKeymap. A tool called "xspy" demonstrates this.
Recent versions of the xterm manpage contain a carefully worded
warning at the end of the paragraph quoted below:
| The xterm menu (see MENUS above) contains a Secure Keyboard entry
| which, when enabled, attempts to ensure that all keyboard input is
| directed only to xterm (using the GrabKeyboard protocol request).
| When an application prompts you for a password (or other sensitive
| data), you can enable Secure Keyboard using the menu, type in the
| data, and then disable Secure Keyboard using the menu again. This
| ensures that you know which window is accepting your keystrokes. It
| cannot ensure that there are no processes which have access to your
| X display that might be observing the keystrokes as well.
But there are other applications (quintuple-agent, to name just one)
whose documentation or source code indicates that the authors think
that XGrabKeyboard prevents keyboard sniffing from other X clients.
It doesn't, and end user documentation should not suggest that it is
safe to run trusted and untrusted clients on the same X11 display.
The X Security Extension prevents the use of XQueryKeymap by
non-trusted clients. However, little beyond that is known about its
effectiveness.
Powered by blists - more mailing lists