First Last Prev Next    This bug is not in your last search results.
Bug 3293 - gnome-terminal allows send events by default
gnome-terminal allows send events by default
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: gnome-core (Show other bugs)
6.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Owen Taylor
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-06-05 17:58 EDT by daryll
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 1999-08-03 15:54:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description daryll 1999-06-05 17:58:25 EDT 
Any application that can connect to the X display can send
keyboard events to a gnome-terminal. This is a security
issue because it allows propigation of a violated machine.
If I have windows logged into another machine (even through
a secure link such as ssh) or if I have a privaledged shell
those may be compromised by someone getting an X connection
on my machine and sending commands to the remote system or
privaledged shell to create a hole.

gnome-terminal should make the capability to recieve allow
send events as an preferences item, as in xterm.

					- |Daryll
Comment 1 Owen Taylor 1999-06-09 18:58:59 EDT 
This can't really be fixed by default because gnome-terminal
also supports (for instance) drag-and-drop which could
be spoofed by any other client on the display. It is a
hoewever, a decent candidate for a future option; though
it might give a false sense of security.

Basically, I would consider any display allows untrusted
clients access to be unsafe.

Consider as a few examples:

 - Sending fake drag and drop to MC; sending mouse clicks to MC
 - Emacs - I don't believe it guards against send events:
   M-x shell...
 - Any GTK+ program with a file selector that turns on
   the file operation buttons in the GTK+ file selector
   can be used to delete files.
 - Do you use a mail client? Can it do attachments?
   How about attaching /etc/passwd?
 - Grabbing portions of your screen as in a screen capture

[ There is a document in the X source distribution which
details some security considerations between clients on
a display, for those interested in this topic ]

Note that XFree86 also enables the XTest extension by default
and using that a client can, if I'm not mistaken, circumvent
the whole send_event field.
Comment 2 Alan Cox 1999-06-12 17:29:59 EDT 
The X consortium take on this for 6.4 was very much "Use the Xsecurity
extension" not fix the apps. Xsecurity prevents partitioned
applications even reading the properties off a terminal let alone
typing in it

A nice gnome hook for xsecurity might be the right approach

Alan
Comment 3 Elliot Lee 1999-08-03 15:54:59 EDT 
As previously stated, the right solution is to secure the display.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.