Exfiltrator. There's an 11-letter word that starts with "ex". X11.
On Thu, Mar 28, 2024 at 7:39 PM Luke A. Call <[email protected]> wrote:

> On 2024-03-28 17:28:56+0100, Jan Stary <[email protected]> wrote:
> > > (2) I've learned that X11 allows locally running malware to sniff the
> > > keystrokes input to any other X11-using app running under any user.
> >
> > I don't believe that's true.
> > Where have you "learned" that, and how does that work?
> > "Dear X11, what is $user typing into his firefox textarea"?
>
> I'm no X expert, but I think what you are saying is technically correct
> across users, but I believe it is possible for one application to
> sniff the keystrokes input to another app running under the *same* user, at
> least, and under different users in the same X session depending on how
> they connect. Specifically:
>
> 1) Under `man xterm' in the "SECURITY" section it says some related
> things that sound like that is what they are saying. I can't elaborate
> on what it says there but that made me want to be cautious.
>
> 2) running
>     xinput list
> ...shows some devices, where on my system the /dev/wskbd has "id=6".
> Then taking that number 6 and doing
>     xinput test 6
> ...and typing in a separate xterm window shows the keystrokes from the
> second window, in the first. I believe the same would be true for any
> X application running as the *same* user.
>
> 3) I did some experimenting in the past with "ssh -X user@..." and
> "ssh -Y user@...", and only when using -Y were keystrokes visible across
> users. Similar things can be done with less CPU overhead using xauth
> and magic cookies etc (I played with that, with help from people on this
> list, scripted it for myself using what they and man pages helped me
> learn, and haven't thought about it much since then, except to use the
> scripts--but it is very handy for me to have things running as different
> users within the same X session, because of these boundaries around
> keyboard sniffing and also filesystem etc restrictions across users).
>
> 4) I am under the impression that the clipboard sharing between X users is
> not restricted as the above things are. I.e., one can spy on another
> freely.
>
> Luke Call
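
Item 3 of the quoted message separates `ssh -X` from `ssh -Y`. The following is an added example, not part of the original thread: it reads ssh_config-style text and reports which blocks request the trusted, `-Y`-equivalent forwarding. It assumes upstream OpenSSH defaults (`ForwardX11Trusted no` when unset), judges each block only on its own lines, and uses a constructed sample config; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify X11 forwarding per Host/Match block.
# Assumption: upstream OpenSSH default, ForwardX11Trusted=no when unset.
# Simplification: each block is judged on its own lines; the
# first-obtained-value merging that ssh does across blocks is not modelled.

audit_x11_forwarding() {
    awk '
    function report() {
        # TRUSTED behaves like "ssh -Y", untrusted like "ssh -X"
        level = (fwd != "yes") ? "off" : ((trusted == "yes") ? "TRUSTED" : "untrusted")
        print block ": " level
    }
    BEGIN { block = "(global)"; fwd = "no"; trusted = "no" }
    { sub(/[ \t]*=[ \t]*/, " ") }          # accept the "Keyword=value" form
    /^[ \t]*#/ || NF == 0 { next }         # skip comments and blank lines
    { key = tolower($1); val = tolower($2) }
    key == "host" || key == "match" {
        report()                           # close the previous block
        block = $0; sub(/^[ \t]+/, "", block)
        fwd = "no"; trusted = "no"
        next
    }
    key == "forwardx11"        { fwd = val }
    key == "forwardx11trusted" { trusted = val }
    END { report() }
    '
}

# Constructed sample input, not taken from the thread.
sample_config() {
    cat <<'EOF'
# constructed sample
Host build
    ForwardX11 yes

Host jump lab-*
    ForwardX11=yes
    ForwardX11Trusted yes

Host files
    ForwardX11Trusted yes
EOF
}

sample_config | audit_x11_forwarding
```

A block with only `ForwardX11Trusted yes` is reported as off, because that keyword changes the trust level of a forwarding and does not enable one.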

