Re: Gnome-terminal: secure keyboard?

From: Dax Kelson <dkelson inconnect com>
To: Jim Gettys <jg pa dec com>
cc: David Coe <david coe someotherplace org>, Miguel de Icaza <miguel nuclecu unam mx>, gnome-list gnome org, recipient list not shown: ;
Subject: Re: Gnome-terminal: secure keyboard?
Date: Thu, 3 Jun 1999 14:26:06 -0600 (MDT)

Jim Gettys said once upon a time (Thu, 3 Jun 1999):

> >                                 - Jim
> > Jim, I'm not sure you're talking about the same thing I was
> > talking about, but I may be wrong.
> > 
> > In xterm, when you set 'secure keyboard' (in the
> > CTRL-leftbtton menu), no other X app can
> > receive keystrokes until you set it back to normal.  It's
> > used when entering plaintext passwords, etc. so that rogue
> > app's can't snoop on what you're typing, I believe.  Xterm
> > swaps the foreground and background colors to remind the
> > user s/he's in that mode.
> 
> You are right: I'm talking about something slightly different, that
> a terminal emulator should not trust any event that has the "send event"
> flag set, or it is prone to attack by someone trying to get control
> of your machine (which is why that flag is in the protocol in the first
> place).
> 			- Jim

That breaks stuff like Xvoice which is a voice recognition dictation app
that uses the IBM Linux ViaVoice SDK.  It sends synthetic xevents to apps.

Dax Kelson

Follow-Ups:
- Re: Gnome-terminal: secure keyboard?
  - From: Jim Gettys

References:
- Re: Gnome-terminal: secure keyboard?
  - From: Jim Gettys

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]