Re: Document Centricity in GNOME [LONG]
- From: jg pa dec com (Jim Gettys)
- To: famrom idecnet com (Guillermo S. Romero / Familia Romero)
- Cc: gnome-gui-list gnome org
- Subject: Re: Document Centricity in GNOME [LONG]
- Date: Fri, 12 May 2000 11:40:33 -0700 (PDT)
> Sender: gnome-gui-list-admin@gnome.org
> From: famrom@idecnet.com (Guillermo S. Romero / Familia Romero)
> Date: Fri, 12 May 2000 20:07:53 +0200
> To: gnome-gui-list@gnome.org
> Subject: Re: Document Centricity in GNOME [LONG]
> -----
> >> I think that like the rest of tasks, it will run only under dummy UID. The
> >> keystrokes is a serious problem, yes, but not the run of other apps
> >What I meant was that if a program under a different UID had access to
> >your X server, it could send fake events and remote control anything
> >you're running, find your xterm, start things there, etc.
>
> I did not know that X allowed to "run" other things, the most I believe was
> that others could hear, but nothing more. Aaahh! That must be related to the
> secure option of xterms, no? Who had the idea to mix connections?
>
X doesn't allow you to "run" anything: it does allow an application to
send events to other applications, and to capture input. The secure option
of xterm means to check the bit in a keyboard event that tells you it
was synthesized by another application: in this way, you can have xterm
ignore input from other applications. Anything running a shell (e.g.
a terminal emulator) should generally be ignoring synthesized events.
All events have a bit that says that the keyboard event is synthetic rather
than real. See section 1 of the X Protocol specification, page 24, "X
Window System", by Robert W. Scheifler & James Gettys, Core and Extension
Protocols.
The other way of synthesizing input is via one of the extensions developed
for testing the X server: these can synthesize events that do not have
the synthesized event bit set. I've not messed with them, so don't know
what security model they present, though I can find out (and I suggest
you do). There is also the X security extension, that does stuff of
some sort. These extensions may or may not be present in a given server
(e.g. XTEST). They came along mostly after I was through most of my
X hacking (except for XSync, which I also participated in). In any
case, the code and documents are all right there for you to look at....
As to who had the ideas, I'm one of the guilty parties. I don't remember
if I'm guilty of this one or not, so I'll blame Bob Scheifler.
There is a fundamental issue of trust here: if you allow an application
to connect to an X server, there are all sorts of bad things that can
be done. Trying to avoid this generates more problems than you would believe:
people did a compartmentalized security X server, and it was a bitch.
- Jim
--
Jim Gettys
Technology and Corporate Development
Compaq Computer Corporation
jg@pa.dec.com
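
Added example (not part of the message above and not xterm's own code): the synthetic-event check the message describes, applied to raw core-protocol events. In the X11 wire format the top bit (0x80) of an event's code byte is set when the event was generated by a SendEvent request; Xlib exposes the same bit as the send_event field. The function names and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define X_EVENT_SIZE   32    /* every core protocol event is 32 bytes */
#define SENT_EVENT_BIT 0x80  /* set in the code byte by SendEvent */
#define X_KEY_PRESS    2
#define X_KEY_RELEASE  3

/* Return 1 if the 32-byte event is a KeyPress/KeyRelease, else 0. */
int is_key_event(const uint8_t *ev) {
    uint8_t code = ev[0] & (uint8_t)~SENT_EVENT_BIT;
    return code == X_KEY_PRESS || code == X_KEY_RELEASE;
}

/* Return 1 if the event was generated by another client via SendEvent. */
int is_synthetic(const uint8_t *ev) {
    return (ev[0] & SENT_EVENT_BIT) != 0;
}

/* Walk a buffer of wire events. Returns the number of key events that
 * would be delivered to the application; *dropped receives the number
 * of synthetic key events ignored. A trailing partial event is skipped. */
size_t filter_keys(const uint8_t *buf, size_t len, int allow_synthetic,
                   size_t *dropped) {
    size_t accepted = 0;
    *dropped = 0;
    for (size_t off = 0; off + X_EVENT_SIZE <= len; off += X_EVENT_SIZE) {
        const uint8_t *ev = buf + off;
        if (!is_key_event(ev)) continue;            /* not keyboard input */
        if (is_synthetic(ev) && !allow_synthetic) { (*dropped)++; continue; }
        accepted++;
    }
    return accepted;
}

/* Constructed sample: real KeyPress, SendEvent KeyPress, MotionNotify. */
static const uint8_t sample[3 * X_EVENT_SIZE] = {
    [0]  = X_KEY_PRESS,                  [1]  = 38,
    [32] = X_KEY_PRESS | SENT_EVENT_BIT, [33] = 38,
    [64] = 6,
};

int main(void) {
    size_t dropped, ok = filter_keys(sample, sizeof sample, 0, &dropped);
    printf("accepted=%zu dropped=%zu\n", ok, dropped);
    return 0;
}
```

As the message notes, events injected through the server testing extensions (e.g. XTEST) do not carry this bit, so a filter like this one does not see them.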