On 2024-03-29 09:01:07-0400, James Huddle <[email protected]> wrote: > Exfiltrator. There's an 11-letter word that starts with "ex". X11.
After a quick web search, I'm not sure I follow. Is that a reference to a program that exfiltrates data after a computer is compromised? Can you elaborate a little? I realize this is an ignorant question. > On Thu, Mar 28, 2024 at 7:39???PM Luke A. Call <[email protected]> wrote: > > > On 2024-03-28 17:28:56+0100, Jan Stary <[email protected]> wrote: > > > > (2) I've learned that X11 allows locally running malware to sniff the > > > > keystrokes input to any other X11-using app running under any user. > > > > > > I don't believe that's true. > > > Where have you "learned" that, and how does that work? > > > "Dear X11, what is $user typing into his firefox textarea"? > > > > I'm no X expert, but I think what you are saying is technically correct > > across users, but I believe it is possible for one application to > > sniff the keystrokes input to another app running under the *same* user, at > > least, and under different users in the same X session depending on how > > they connect. Specifically: > > > > 1) Under `man xterm' in the "SECURITY" section it says some related > > things that sound like that is what they are saying. I can't elaborate > > on what it says there but that made me want to be cautious. > > > > 2) running > > xinput list > > ...shows some devices, where on my system the /dev/wskbd has "id=6". > > Then taking that number 6 and doing > > xinput test 6 > > ...and typing in a separate xterm window shows the keystrokes from the > > second window, in the first. I believe the same would be true for any > > X application running as the *same* user. > > > > 3) I did some experimenting in the past with "ssh -X user@..." and > > "ssh -Y user@...", and only when using -Y were keystrokes visible across > > users. Similar things can be done with less cpu overhead using xauth > > and magic cookies etc (I played with that, with help from people on this > > list, scripted it for myself using what they and man pages helped me > > learn, and haven't > > thought about it much since then, except to use the scripts--but it is very > > handy for me to have things running as different users within the same X > > session, because of these boundaries around keyboard sniffing and also > > filesystem etc restrictions across users). > > > > 4) I am under the impression that the clipboard sharing between X users is > > not restricted as the above things are. Ie, one can spy on another > > freely. > > > > Luke Call > > > >
