Bug#474024: Fixed upstream?

Yury V. Zaytsev yury at shurup.com
Sun Oct 31 18:58:52 UTC 2010


Hi!

On Sun, 2010-10-31 at 07:38 +0100, Josselin Mouette wrote:

> If you ever believed that there is *any* way to prevent a program having
> access to your session to obtain root access when you use the same
> session to do stuff as root, you have been abused. 

Would you please rephrase your message in a way to make it clear what
kind of effective conclusion the reader has to make?

1) I personally have been abused and would rather take care of a rehab
session instead of messing with your conversations on this issue.

2) There is no way to avoid privilege escalation from non-root user to
the root user, which means that all security mechanisms are futile and
redundant, and time working on them is better spent on something else.

3) ...?

> It’s possible to make things harder, but the purpose of locking
> keyboard and mouse is to avoid leaking *accidentally* the password.
> If there is a malicious program running in your session, you are
> completely screwed.

Would you please show an example of what kind of *accidental* password
leak was in mind when the keyboard / mouse locking was developed?

My point is that the attacks described in this bug are over-complicated
compared to the dumb password sniffing using XQueryKeymap and actually
can be mitigated using SELinux and the like, whereas as far as the
simple X attack is concerned nobody seems to care less.

However, this is a serious issue, and if those kinds of attacks are
mentioned in the man page, then unless it is fixed, this "exploit" is the
first obvious candidate to get mentioned as well.

I am not familiar with X development, but I remember seeing a talk last
year where someone was talking about implementing a kind of "secure
desktop" for X where windows would be inaccessible by X queries from
other applications. Maybe you can refresh my memory as a Freedesktop
person...

Apart from that, I guess one can at least generate garbage artificially
to confuse XQueryKeymap, in which case the password will probably still
be recoverable after statistical analysis of enough samples, but at
least it would be made much harder than it is now.
 
-- 
Sincerely yours,
Yury V. Zaytsev
