From Fedora Project Wiki
(3 intermediate revisions by 2 users not shown) | |||
Line 6: | Line 6: | ||
* Grabbing has never been a security feature. You can already snoop on a grabbed device, either using raw events or by registering for slave device events. We're trying to get the priority system right so that e.g. gnome-screensaver can assume it's the top-most grab-override and get events first, but that's about it. 03:13, 22 December 2011 (UTC) | * Grabbing has never been a security feature. You can already snoop on a grabbed device, either using raw events or by registering for slave device events. We're trying to get the priority system right so that e.g. gnome-screensaver can assume it's the top-most grab-override and get events first, but that's about it. 03:13, 22 December 2011 (UTC) | ||
** How can one snoop on a grabbed device via the X protocol? Or are you talking about opening up /dev/input*? | |||
*** Get the X device ID of the physical device you want to listen to, then XISelectEvents(3) on that device for whatever window you want the events on. Given event delivery traversal, the root window should be enough in most cases. Toolkits usually only work on the master devices, so slave device event delivery is usually a free-for-all. Also, with XI 2.1, listening to raw events has the same effect, though there you only get the device data, not the window information etc as well. Quick example: change the [http://cgit.freedesktop.org/xorg/app/xinput/tree/src/test_xi2.c#n347 XISelectEvents call in xinput's test-xi2] from <code>win</code> to <code>DefaultRootWindow(display)</code>, compile it, run with <code>xinput --test-xi2</code>. You should see every event from any slave device now. | |||
**** Interesting. Would it be fair to say that grabbing was previously a security feature (plenty of old X11 documentation talks about this, methinks), until this newfangled xinput stuff came by, and failed to extend the grabbing model - dunno, transitively? | |||
***** IIRC the X Input extension was released in 1994 and I think most of the above would have been possible since. All of the above is definitely possible since X server 1.4 (Fedora 9+) |
Latest revision as of 04:43, 22 December 2011
Security?
Could you spell out any possible security implications of overridden grabs? Could malevolent X apps start to snoop in on password-prompting windows, for example? Fche 03:08, 22 December 2011 (UTC)
- Grabbing has never been a security feature. You can already snoop on a grabbed device, either using raw events or by registering for slave device events. We're trying to get the priority system right so that e.g. gnome-screensaver can assume it's the top-most grab-override and get events first, but that's about it. 03:13, 22 December 2011 (UTC)
- How can one snoop on a grabbed device via the X protocol? Or are you talking about opening up /dev/input*?
- Get the X device ID of the physical device you want to listen to, then XISelectEvents(3) on that device for whatever window you want the events on. Given event delivery traversal, the root window should be enough in most cases. Toolkits usually only work on the master devices, so slave device event delivery is usually a free-for-all. Also, with XI 2.1, listening to raw events has the same effect, though there you only get the device data, not the window information etc as well. Quick example: change the XISelectEvents call in xinput's test-xi2 from
win
toDefaultRootWindow(display)
, compile it, run withxinput --test-xi2
. You should see every event from any slave device now.- Interesting. Would it be fair to say that grabbing was previously a security feature (plenty of old X11 documentation talks about this, methinks), until this newfangled xinput stuff came by, and failed to extend the grabbing model - dunno, transitively?
- IIRC the X Input extension was released in 1994 and I think most of the above would have been possible since. All of the above is definitely possible since X server 1.4 (Fedora 9+)
- Interesting. Would it be fair to say that grabbing was previously a security feature (plenty of old X11 documentation talks about this, methinks), until this newfangled xinput stuff came by, and failed to extend the grabbing model - dunno, transitively?
- Get the X device ID of the physical device you want to listen to, then XISelectEvents(3) on that device for whatever window you want the events on. Given event delivery traversal, the root window should be enough in most cases. Toolkits usually only work on the master devices, so slave device event delivery is usually a free-for-all. Also, with XI 2.1, listening to raw events has the same effect, though there you only get the device data, not the window information etc as well. Quick example: change the XISelectEvents call in xinput's test-xi2 from
- How can one snoop on a grabbed device via the X protocol? Or are you talking about opening up /dev/input*?