Re: Gnome-terminal: secure keyboard?



Jim Gettys said once upon a time (Thu, 3 Jun 1999):

> >                                 - Jim
> > Jim, I'm not sure you're talking about the same thing I was
> > talking about, but I may be wrong.
> > 
> > In xterm, when you set 'secure keyboard' (in the
> > CTRL-leftbtton menu), no other X app can
> > receive keystrokes until you set it back to normal.  It's
> > used when entering plaintext passwords, etc. so that rogue
> > app's can't snoop on what you're typing, I believe.  Xterm
> > swaps the foreground and background colors to remind the
> > user s/he's in that mode.
> 
> You are right: I'm talking about something slightly different, that
> a terminal emulator should not trust any event that has the "send event"
> flag set, or it is prone to attack by someone trying to get control
> of your machine (which is why that flag is in the protocol in the first
> place).
> 			- Jim

That breaks stuff like Xvoice which is a voice recognition dictation app
that uses the IBM Linux ViaVoice SDK.  It sends synthetic xevents to apps.

Dax Kelson



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]