Re: X-windows security in Gnome

From: Benjamin Kahn <xkahn ximian com>
To: Havoc Pennington <hp redhat com>
Cc: Brian Cameron <Brian Cameron Sun COM>, gnome-hackers gnome org, jwz jwz org
Subject: Re: X-windows security in Gnome
Date: 16 May 2002 18:52:26 -0400

On Thu, 2002-05-16 at 18:33, Havoc Pennington wrote:
> Brian Cameron <Brian Cameron Sun COM> writes: 
> > Another example is xterm
> > comes with a "secure keyboard" mode (just hold down the control
> > key and the left mouse button at the same time to see this option).
> > According to xterm's man page, this option is supposed to make
> > it impossible for other programs to see passwords entered when
> > telnet'ing, rsh'ing, etc.  However it doesn't work because 
> > the xspy program demonstrates that XGrabKeyboard isn't a secure
> > solution.  
> 
> This is why gnome-terminal doesn't have a "secure keyboard" feature,
> because that feature is bullshit. ;-)
> 
> If someone can connect to your display, you are screwed. End of story.
> Don't let them connect.

	Of course, as Chris Lahey pointed out just the other day, one of the
main points of this feature is to make sure the user REALLY IS typing
their password into the application they think they are tying it into. 
Another window can't just pop up, grab focus, and display what they are
typing.

	And, as another side point, I had a sawfish and panel crash the other
day when using GNOME 2.  All I could (easily) do was ask Nautilus to
open a terminal which I couldn't type into since I couldn't ask it to
grab the keyboard.

_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers

Follow-Ups:
- Re: X-windows security in Gnome
  - From: Havoc Pennington

References:
- X-windows security in Gnome
  - From: Brian Cameron
- Re: X-windows security in Gnome
  - From: Havoc Pennington

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]