[Trac #260] Implement keyboard and event security in X using XACE
Zarro Boogs per Child
bugtracker at laptop.org
Thu Nov 2 13:42:59 EST 2006
#260: Implement keyboard and event security in X using XACE
-----------------------------+----------------------------------------------
Reporter: krstic | Owner: dilinger
Type: task | Status: new
Priority: blocker | Milestone: CTest
Component: X window system | Keywords:
-----------------------------+----------------------------------------------
We need a way to protect against applications sniffing each other's
keystrokes, which X permits by default. Eamon Walsh's XACE extension
(http://people.freedesktop.org/~ewalsh/xace_proposal.html) can do most of
the heavy lifting, making this a pretty trivial amount of work, whereby
XACE is used to enforce the keyboard security mechanisms provided by the X
Security Extension for all clients. A callback on the DEVICE_ACCESS hook
that always returns false will do the trick.

To prevent fake keyboard events being sent via SendEvent, we need to
register a CORE_DISPATCH hook, check the major code for SendEvent, check
event type for KeyPress (and similar) and reject.

The MAP_ACCESS hook can help with the window-in-window case.

Code utilizing these hooks needs to be written, and we need to make sure
we have XACE in our X tree. I don't know upstream's current inclusion
schedule, but we should find out, and carry this ourselves until inclusion
if necessary, since we have no other way to provide the requisite security
without hacking the deep bowels of X manually.

(Thanks to Eamon for the explanations.)
--
Ticket URL: <http://dev.laptop.org/ticket/260>
One Laptop Per Child <http://laptop.org/>
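
The CORE_DISPATCH check described in the ticket, as an added example that is not part of the original ticket or of XACE: a stand-alone C model of the decision such a callback would make, working on the raw core request bytes. The function names, the fail-closed handling of short requests, and reading "and similar" as KeyRelease plus the core pointer events are assumptions; registering the hook with the X server is not shown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Core protocol numbers from the X11 protocol specification. */
#define X_SendEvent   25
#define KeyPress       2
#define MotionNotify   6   /* 2..6 = KeyPress, KeyRelease, ButtonPress, ButtonRelease, MotionNotify */
#define SENDEVENT_LEN 44   /* 12-byte request header + 32-byte event */
#define EVENT_OFFSET  12   /* first byte of the embedded event = event code */

enum verdict { ALLOW = 0, DENY = 1 };

/* Hypothetical helper: the decision a CORE_DISPATCH callback would make,
 * modelled on the raw request bytes instead of the server's structs. */
enum verdict check_core_request(const uint8_t *req, size_t len)
{
    if (len < 4)
        return DENY;                 /* assumption: fail closed on a short header */
    if (req[0] != X_SendEvent)
        return ALLOW;                /* major code is not SendEvent: not our concern */
    if (len < SENDEVENT_LEN)
        return DENY;                 /* truncated SendEvent: no event to inspect */
    uint8_t type = req[EVENT_OFFSET] & 0x7f;   /* compare on the low 7 bits only */
    return (type >= KeyPress && type <= MotionNotify) ? DENY : ALLOW;
}

/* Constructed sample input: a SendEvent request carrying an event of `type`. */
void make_send_event(uint8_t out[SENDEVENT_LEN], uint8_t type)
{
    memset(out, 0, SENDEVENT_LEN);
    out[0] = X_SendEvent;
    out[2] = SENDEVENT_LEN / 4;      /* request length in 4-byte units (LSB-first client) */
    out[EVENT_OFFSET] = type;
}

int main(void)
{
    const uint8_t types[] = { 2 /* KeyPress */, 3 /* KeyRelease */, 33 /* ClientMessage */ };
    uint8_t req[SENDEVENT_LEN];
    for (size_t i = 0; i < sizeof types; i++) {
        make_send_event(req, types[i]);
        printf("SendEvent type %u -> %s\n", (unsigned)types[i],
               check_core_request(req, sizeof req) == DENY ? "deny" : "allow");
    }
    return 0;
}
```

Non-input events such as ClientMessage still pass, so window-manager style messaging between clients is unaffected by this check.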