Closing this is wrong. Upstream is responsible for making Xorg work, not for delivering a reasonably secure desktop experience, that is the job of the distribution maintainers. Upstream is just saying use SElinux, that is not the best way to do this, keylogging is trivial under the current setup, Windows / OSX do not suffer from this. Under Xorg it is possible to write a one-line command line that captures input and posts it to a web server.
-- You received this bug notification because you are a member of Ubuntu-X, which is subscribed to xserver-xorg-input-evdev in Ubuntu. https://bugs.launchpad.net/bugs/800172 Title: Application keylogger vulunerability in Xserver To manage notifications about this bug go to: https://bugs.launchpad.net/wayland/+bug/800172/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~ubuntu-x-swat Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-x-swat More help : https://help.launchpad.net/ListHelp
