Red Hat Bugzilla – Bug 3293
gnome-terminal allows send events by default
Last modified: 2008-05-01 11:37:50 EDT
Any application that can connect to the X display can send
keyboard events to a gnome-terminal. This is a security
issue because it allows propagation of a violated machine.
If I have windows logged into another machine (even through
a secure link such as ssh) or if I have a privileged shell
those may be compromised by someone getting an X connection
on my machine and sending commands to the remote system or
privileged shell to create a hole.
gnome-terminal should make the capability to receive allow
send events as a preferences item, as in xterm.
This can't really be fixed by default because gnome-terminal
also supports (for instance) drag-and-drop which could
be spoofed by any other client on the display. It is,
however, a decent candidate for a future option; though
it might give a false sense of security.
Basically, I would consider any display that allows untrusted
clients access to be unsafe.
Consider as a few examples:
- Sending fake drag and drop to MC; sending mouse clicks to MC
- Emacs - I don't believe it guards against send events:
- Any GTK+ program with a file selector that turns on
the file operation buttons in the GTK+ file selector
can be used to delete files.
- Do you use a mail client? Can it do attachments?
How about attaching /etc/passwd?
- Grabbing portions of your screen as in a screen capture
[ There is a document in the X source distribution which
details some security considerations between clients on
a display, for those interested in this topic ]
Note that XFree86 also enables the XTest extension by default
and using that a client can, if I'm not mistaken, circumvent
the whole send_event field.
The X Consortium take on this for 6.4 was very much "Use the Xsecurity
extension" not fix the apps. Xsecurity prevents partitioned
applications even reading the properties off a terminal let alone
typing in it.
A nice GNOME hook for Xsecurity might be the right approach.
As previously stated, the right solution is to secure the display.
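
An added illustration, not code from gnome-terminal, xterm or this bug report: the send_event check the thread discusses, applied to raw 32-byte X11 core-protocol events so it builds without Xlib. The `allow_send_events` switch and the function and type names are hypothetical, and the sample events are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* X11 core protocol: each event is 32 bytes. Byte 0 holds the event code;
 * its top bit is set when the event was generated by a SendEvent request
 * from another client. Xlib reports that bit as XEvent's send_event. */
#define X_EVENT_SIZE 32
enum { X_KEY_PRESS = 2, X_MOTION_NOTIFY = 6, X_CLIENT_MESSAGE = 33 };

typedef enum { EV_ACCEPT, EV_DROP_SYNTHETIC_INPUT, EV_MALFORMED } ev_verdict;

/* allow_send_events: hypothetical preference, modelled on the request above. */
ev_verdict filter_event(const uint8_t *ev, size_t len, bool allow_send_events)
{
    if (ev == NULL || len != X_EVENT_SIZE)
        return EV_MALFORMED;
    uint8_t code = (uint8_t)(ev[0] & 0x7Fu);
    bool synthetic = (ev[0] & 0x80u) != 0;
    if (code < X_KEY_PRESS)          /* 0 = error, 1 = reply: not events */
        return EV_MALFORMED;
    /* Codes 2..6: KeyPress, KeyRelease, ButtonPress, ButtonRelease, MotionNotify. */
    bool input = code <= X_MOTION_NOTIFY;
    if (synthetic && input && !allow_send_events)
        return EV_DROP_SYNTHETIC_INPUT;
    /* ClientMessage (carries drag-and-drop) always arrives via SendEvent,
     * so the flag cannot tell a trusted sender from an untrusted one. */
    return EV_ACCEPT;
}

int main(void)
{
    /* Constructed sample events; only byte 0 matters to the filter. */
    uint8_t real_key[X_EVENT_SIZE] = { X_KEY_PRESS };
    uint8_t fake_key[X_EVENT_SIZE] = { 0x80 | X_KEY_PRESS };
    uint8_t dnd_msg[X_EVENT_SIZE]  = { 0x80 | X_CLIENT_MESSAGE };
    printf("server key press:    %d\n", filter_event(real_key, X_EVENT_SIZE, false));
    printf("SendEvent key press: %d\n", filter_event(fake_key, X_EVENT_SIZE, false));
    printf("drag-and-drop msg:   %d\n", filter_event(dnd_msg, X_EVENT_SIZE, false));
    return 0;
}
```

As the comments above point out, this flag does not cover input injected through the XTest extension, and drag-and-drop messages pass regardless, so the filter complements securing the display and does not replace it.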