Re: X-windows security in Gnome



On Thu, 2002-05-16 at 18:33, Havoc Pennington wrote:
> Brian Cameron <Brian Cameron Sun COM> writes: 
> > Another example is xterm
> > comes with a "secure keyboard" mode (just hold down the control
> > key and the left mouse button at the same time to see this option).
> > According to xterm's man page, this option is supposed to make
> > it impossible for other programs to see passwords entered when
> > telnet'ing, rsh'ing, etc.  However it doesn't work because 
> > the xspy program demonstrates that XGrabKeyboard isn't a secure
> > solution.  
> 
> This is why gnome-terminal doesn't have a "secure keyboard" feature,
> because that feature is bullshit. ;-)
> 
> If someone can connect to your display, you are screwed. End of story.
> Don't let them connect.

	Of course, as Chris Lahey pointed out just the other day, one of the
main points of this feature is to make sure the user REALLY IS typing
their password into the application they think they are tying it into. 
Another window can't just pop up, grab focus, and display what they are
typing.

	And, as another side point, I had a sawfish and panel crash the other
day when using GNOME 2.  All I could (easily) do was ask Nautilus to
open a terminal which I couldn't type into since I couldn't ask it to
grab the keyboard.




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]