[Trac #260] Implement keyboard and event security in X using XACE

Zarro Boogs per Child bugtracker at laptop.org
Thu Nov 2 13:42:59 EST 2006


#260: Implement keyboard and event security in X using XACE
-----------------------------+----------------------------------------------
 Reporter:  krstic           |       Owner:  dilinger
     Type:  task             |      Status:  new     
 Priority:  blocker          |   Milestone:  CTest   
Component:  X window system  |    Keywords:          
-----------------------------+----------------------------------------------
 We need a way to protect against applications sniffing each other's
 keystrokes, which X permits by default. Eamon Walsh's XACE extension
 (http://people.freedesktop.org/~ewalsh/xace_proposal.html) can do most of
 the heavy lifting, making this a pretty trivial amount of work, whereby
 XACE is used to enforce the keyboard security mechanisms provided by the X
 Security Extension for all clients. A callback on the DEVICE_ACCESS hook
 that always returns false will do the trick.

 To prevent fake keyboard events being sent via !SendEvent, we need to
 register a CORE_DISPATCH hook, check the major code for !SendEvent, check
 event type for !KeyPress (and similar) and reject.

 The MAP_ACCESS hook can help with the window-in-window case.

 Code utilizing these hooks needs to be written, and we need to make sure
 we have XACE in our X tree. I don't know upstream's current inclusion
 schedule, but we should find out, and carry this ourselves until inclusion
 if necessary, since we have no other way to provide the requisite security
 without hacking the deep bowels of X manually.

 (Thanks to Eamon for the explanations.)

-- 
Ticket URL: <http://dev.laptop.org/ticket/260>
One Laptop Per Child <http://laptop.org/>



More information about the Bugs mailing list