Bug 3293 - gnome-terminal allows send events by default
Product: Red Hat Linux
Classification: Retired
Component: gnome-core (Show other bugs)
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Assigned To: Owen Taylor
Keywords: Security
Reported: 1999-06-05 17:58 EDT by daryll
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 1999-08-03 15:54:26 EDT

Attachments: None
Description daryll 1999-06-05 17:58:25 EDT
Any application that can connect to the X display can send
keyboard events to a gnome-terminal. This is a security
issue because it allows propagation of a violated machine.
If I have windows logged into another machine (even through
a secure link such as ssh) or if I have a privileged shell,
those may be compromised by someone getting an X connection
on my machine and sending commands to the remote system or
privileged shell to create a hole.

gnome-terminal should make the capability to receive allow
send events a preferences item, as in xterm.

- Daryll
Comment 1 Owen Taylor 1999-06-09 18:58:59 EDT
This can't really be fixed by default because gnome-terminal
also supports (for instance) drag-and-drop which could
be spoofed by any other client on the display. It is,
however, a decent candidate for a future option, though
it might give a false sense of security.

Basically, I would consider any display that allows untrusted
clients access to be unsafe.

Consider as a few examples:

 - Sending fake drag and drop to MC; sending mouse clicks to MC
 - Emacs - I don't believe it guards against send events:
   M-x shell...
 - Any GTK+ program with a file selector that turns on
   the file operation buttons in the GTK+ file selector
   can be used to delete files.
 - Do you use a mail client? Can it do attachments?
   How about attaching /etc/passwd?
 - Grabbing portions of your screen as in a screen capture

[ There is a document in the X source distribution which
details some security considerations between clients on
a display, for those interested in this topic ]

Note that XFree86 also enables the XTest extension by default
and using that a client can, if I'm not mistaken, circumvent
the whole send_event field.
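The xterm-style option requested above, as an added example that is not gnome-terminal's own code: key events whose `send_event` flag is set (i.e. injected with XSendEvent by another client) are dropped unless the user enabled the preference. The `KeyEvt` struct is a constructed stand-in for the relevant fields of Xlib's `XKeyEvent`, so the block compiles without X11 headers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the XKeyEvent fields that matter here; real code
 * would read the same fields from an XEvent obtained via XNextEvent(). */
typedef struct {
    int type;          /* KeyPress or KeyRelease */
    bool send_event;   /* set by the server when the event came from XSendEvent */
    unsigned keycode;
} KeyEvt;

enum { KEY_PRESS = 2, KEY_RELEASE = 3 };   /* same values as X11's KeyPress/KeyRelease */

/* Policy mirroring xterm's allowSendEvents resource: synthetic key events are
 * refused unless the user explicitly opted in. */
bool accept_key_event(const KeyEvt *ev, bool allow_send_events)
{
    if (ev->type != KEY_PRESS && ev->type != KEY_RELEASE)
        return true;                       /* not a key event; out of scope here */
    return allow_send_events || !ev->send_event;
}

/* Filter a batch of events. Returns how many were accepted, copies them to
 * out[], and reports the number of dropped synthetic events in *dropped so
 * the caller can log them (a burst of dropped events is worth investigating). */
size_t filter_key_events(const KeyEvt *in, size_t n, bool allow_send_events,
                         KeyEvt *out, size_t *dropped)
{
    size_t kept = 0;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        if (accept_key_event(&in[i], allow_send_events)) {
            out[kept++] = in[i];
        } else {
            (*dropped)++;
            fprintf(stderr, "dropped synthetic key event, keycode %u\n", in[i].keycode);
        }
    }
    return kept;
}

/* Caveat raised in the comment above: input injected through the XTest
 * extension arrives with send_event == False, so this check cannot tell it
 * apart from real keyboard input. Securing the display is still required. */
```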
Comment 2 Alan Cox 1999-06-12 17:29:59 EDT
The X Consortium's take on this for 6.4 was very much "Use the Xsecurity
extension", not fix the apps. Xsecurity prevents partitioned
applications even reading the properties off a terminal, let alone
typing in it.

A nice gnome hook for xsecurity might be the right approach

Comment 3 Elliot Lee 1999-08-03 15:54:59 EDT
As previously stated, the right solution is to secure the display.
