#1 2012-09-14 06:03:29

utopyand
Member
Registered: 2012-09-05
Posts: 33

Xinput big problem

According to this page it's damn simple to get keystrokes from X even from a non-root account, and someone wrote a program to quickly decrypt the keystroke sequences. Maybe a workaround would be to stop running xinput from non-root users. What do you think about it?

Edit: the Wirenet trojan is probably using this "feature" to keylog strokes, but, thinking about it, might a chmod that removes read and execute permission for group and others from the /usr/bin/xinput executable mitigate this security hole?

Last edited by utopyand (2012-09-14 08:09:39)

#2 2012-09-14 08:17:30

utopyand
Member
Registered: 2012-09-05
Posts: 33

Re: Xinput big problem

I give a

chmod 700 /usr/bin/xinput

Hope it doesn't harm my system (but I lsed the previous permissions on a file, just for...)

Last edited by utopyand (2012-09-14 08:18:01)

#3 2012-09-14 09:37:44

brebs
Member
Registered: 2007-04-03
Posts: 3,742

Re: Xinput big problem

chmod would only be helpful if xinput were previously e.g. suid root. But it ain't!

Malicious apps can just copy what xinput does.

Edit: Here's a good Ubuntu summary bug.

The freedesktop bug says:

We already have an XSECURITY extension (and have had for years) which allows you to specify policies such as these in a SecurityPolicy file.

So that's something to check out...

Last edited by brebs (2012-09-14 10:23:46)
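
Added example, not part of the thread: a shell check for the condition raised in post #3, that tightening a binary's mode only takes something away from other users when the binary carries setuid or setgid privilege. The function names and the temporary file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print how a binary gets its privilege:
# setuid-root, setuid, setgid, unprivileged or missing.
classify_binary() {
    f=$1
    [ -f "$f" ] || { echo missing; return 0; }
    owner=$(ls -ln -- "$f" | awk '{print $3}')   # numeric owner uid
    if [ -u "$f" ] && [ "$owner" = 0 ]; then
        echo setuid-root
    elif [ -u "$f" ]; then
        echo setuid
    elif [ -g "$f" ]; then
        echo setgid
    else
        echo unprivileged
    fi
}

# Return 0 when restricting execute permission removes privilege from
# other users, 1 when any user could run their own copy with the same effect.
chmod_restricts_privilege() {
    case $(classify_binary "$1") in
        setuid-root|setuid|setgid) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo: the same file with and without the setuid bit.
demo() {
    d=$(mktemp -d)
    printf '#!/bin/sh\necho client\n' > "$d/tool"
    chmod 755 "$d/tool"
    if chmod_restricts_privilege "$d/tool"; then plain=yes; else plain=no; fi
    chmod 4755 "$d/tool"
    if chmod_restricts_privilege "$d/tool"; then suid=yes; else suid=no; fi
    rm -rf "$d"
    echo "$plain $suid"
}

# The binary discussed in the thread (prints "missing" if not installed).
echo "/usr/bin/xinput: $(classify_binary /usr/bin/xinput)"
echo "chmod helps (plain, setuid): $(demo)"
```

A result of `unprivileged` for /usr/bin/xinput means the binary runs with the caller's own rights, so `chmod 700` leaves the X server's behaviour toward other clients unchanged.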