Bug 3293 - gnome-terminal allows send events by default
Summary: gnome-terminal allows send events by default
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnome-core
Version: 6.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Owen Taylor
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-06-05 21:58 UTC by daryll
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 1999-08-03 19:54:26 UTC
Embargoed:


Attachments (Terms of Use)

Description daryll 1999-06-05 21:58:25 UTC
Any application that can connect to the X display can send
keyboard events to a gnome-terminal. This is a security
issue because it allows propigation of a violated machine.
If I have windows logged into another machine (even through
a secure link such as ssh) or if I have a privaledged shell
those may be compromised by someone getting an X connection
on my machine and sending commands to the remote system or
privaledged shell to create a hole.

gnome-terminal should make the capability to recieve allow
send events as an preferences item, as in xterm.

					- |Daryll

Comment 1 Owen Taylor 1999-06-09 22:58:59 UTC
This can't really be fixed by default because gnome-terminal
also supports (for instance) drag-and-drop which could
be spoofed by any other client on the display. It is a
hoewever, a decent candidate for a future option; though
it might give a false sense of security.

Basically, I would consider any display allows untrusted
clients access to be unsafe.

Consider as a few examples:

 - Sending fake drag and drop to MC; sending mouse clicks to MC
 - Emacs - I don't believe it guards against send events:
   M-x shell...
 - Any GTK+ program with a file selector that turns on
   the file operation buttons in the GTK+ file selector
   can be used to delete files.
 - Do you use a mail client? Can it do attachments?
   How about attaching /etc/passwd?
 - Grabbing portions of your screen as in a screen capture

[ There is a document in the X source distribution which
details some security considerations between clients on
a display, for those interested in this topic ]

Note that XFree86 also enables the XTest extension by default
and using that a client can, if I'm not mistaken, circumvent
the whole send_event field.

Comment 2 Alan Cox 1999-06-12 21:29:59 UTC
The X consortium take on this for 6.4 was very much "Use the Xsecurity
extension" not fix the apps. Xsecurity prevents partitioned
applications even reading the properties off a terminal let alone
typing in it

A nice gnome hook for xsecurity might be the right approach

Alan

Comment 3 Elliot Lee 1999-08-03 19:54:59 UTC
As previously stated, the right solution is to secure the display.


Note You need to log in before you can comment on or make changes to this bug.