You are not logged in.

#1 2022-08-02 07:42:37

EmErAJID
Member
Registered: 2022-02-15
Posts: 5

X11 security question about display managers and locking tools.

Hi.

Sadly enough, I couldn't find anything on google, so came here to ask.

Abstract

Firstly I describe what I am talking about at all.

Suppose lightdm. It has lightlocker to lock your session. If you go to tty on which the session is locked, you get message 'This session is locked. Wait until you are redirected to unlock dialog.' After waiting you're sent to lightdm greeter and authenticate there.

Now suppose you do not use any DMs and prefer plain startx. In this combination I preferred to use xss-lock+xsecurelock. The latter program does not issue any messages about locked sessions, because it works on the tty X works on. On their github page there is a section called 'Known Security Issues'. If you read it you can see

<quote author> wrote:

XSecureLock relies on a keyboard and pointer....

  • Receiving input out-of-band (/dev/input), including other input devices than keyboard and mouse, such as gamepads or joysticks.

The question itself

If I have a malicious program that records my keyboard events, will it be able to record my password with lightdm and with xsecurelock approach?

Put another way, does a display manager offer better security in terms of hiding your password from your programs than xsecurelock-like programs do?

Thank you.

PS inb4 you described malware, you should not run malware, you care too much and similar stuff.

Offline

#2 2022-08-02 12:23:42

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,505

Re: X11 security question about display managers and locking tools.

Anything that can get access to raw input devices can undermine any screenlocker - they grab the X11 input devices (well, mouse and keyboard) but not the kernel devices (that's not possible)
If the permissions on the latter are too loose or you're smart enough to run the malware as root, it can scan the input events directly.

And then there's XI2…
Run

DISPLAY=:0 xinput --test-xi2

on a console and lock the X11 screen, then type a bit into the locker and check whether that shows up on the console (it's not readable text, but if it picks up RawKeyPress events, you've a problem)

Offline

Board footer

Powered by FluxBB