On 2024-03-28 17:28:56+0100, Jan Stary <[email protected]> wrote: > > (2) I've learned that X11 allows locally running malware to sniff the > > keystrokes input to any other X11-using app running under any user. > > I don't believe that's true. > Where have you "learned" that, and how does that work? > "Dear X11, what is $user typing into his firefox textarea"?
I'm no X expert, but I think what you are saying is technically correct across users, but I believe it is possible for one application to sniff the keystrokes input to another app running under the *same* user, at least, and under different users in the same X session depending on how they connect. Specifically: 1) Under `man xterm' in the "SECURITY" section it says some related things that sound like that is what they are saying. I can't elaborate on what it says there but that made me want to be cautious. 2) running xinput list ...shows some devices, where on my system the /dev/wskbd has "id=6". Then taking that number 6 and doing xinput test 6 ...and typing in a separate xterm window shows the keystrokes from the second window, in the first. I believe the same would be true for any X application running as the *same* user. 3) I did some experimenting in the past with "ssh -X user@..." and "ssh -Y user@...", and only when using -Y were keystrokes visible across users. Similar things can be done with less cpu overhead using xauth and magic cookies etc (I played with that, with help from people on this list, scripted it for myself using what they and man pages helped me learn, and haven't thought about it much since then, except to use the scripts--but it is very handy for me to have things running as different users within the same X session, because of these boundaries around keyboard sniffing and also filesystem etc restrictions across users). 4) I am under the impression that the clipboard sharing between X users is not restricted as the above things are. Ie, one can spy on another freely. Luke Call
