On Tue, 23 Apr 1996, Khetan Gajjar wrote:
> How would they do this?
If your server is openly accepting connections from remote
clients, all they need to do is write a program that connects to your X
server and requests a copy of each keypress event. It does not need to
have a visible window on the watched server, so it may not be obvious that
it is happening. As an example of how bad this type of security hole can
be, I once took the sources to xev, a stock X utility, and commented out
about 90% of the code. All I left in were the bits about keypresses.
This was sufficient to demonstrate that I could save to file text that
wasn't even echoed on my friend's _remote_ display, e.g. a password prompt.
> BTW, I run xdm from my rc.local
>
> Should I be doing it from ttys? If so, how?
It doesn't make a difference here. Remote users do not have access
to your /dev/tty* files. It is open access to your X server that is the
problem. This is a nice example of a transitive security problem. (If I
can't read your keyboard, I'll talk to something that can.)
cheers,
Adrian
adrian@virginia.edu ---->>>>| Support your local programmer,
System Administrator --->>>| STOP Software Patent Abuses NOW!
NVL, NIIMS and Telemedicine Labs -->>| For an application and information
Member: League for Programming Freedom ->| see: http://www.lpf.org/
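
An added example, not part of the original message: a shell function that audits whether an X server is "openly accepting connections" in the sense described above, by classifying the text `xhost` prints when run with no arguments. The status-line wording and the `SI:localuser:` / `LOCAL:` entry prefixes are assumed from current xhost output, the function name is hypothetical, and the sample outputs are constructed.

```shell
#!/bin/sh
# Usage on a live display:  classify_xhost "$(xhost)"
# Prints one of:
#   open        access control is off; any remote client may connect
#   host-based  whole hosts are authorised, so every user on them may connect
#   restricted  only local-user or local-machine entries are present
classify_xhost() {
    printf '%s\n' "$1" | awk '
        /^access control disabled/ { anyhost = 1 }
        /^access control (enabled|disabled)/ { next }   # status line, not an entry
        NF == 0 { next }                                 # skip blank lines
        /^SI:localuser:/ || /^LOCAL:/ { next }           # scoped to the local machine
        { hosts++ }                                      # any other entry names a host
        END {
            if (anyhost)        print "open"
            else if (hosts > 0) print "host-based"
            else                print "restricted"
        }'
}

# Constructed sample outputs (not captured from a real system)
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:lab3.example.edu
SI:localuser:adrian'
SAMPLE_LOCAL='access control enabled, only authorized clients can connect
SI:localuser:adrian'
```

A result of `open` or `host-based` means clients other than your own can attach to the server and ask for its key events; per-user authorisation is the state to aim for.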