Hi, I guess we can decloak this since it's on Phoronix ... On 19 January 2012 21:20, Cyril Brulebois <[email protected]> wrote: > The introduction of XKB debugging functions in the following commit: > | XKB: Add debug key actions for grabs & window tree > > leads to the ability of bypassing X screen locking programs with key > combinations like: Ctrl+Alt+KP_Multiply (Multiply key on the numpad).
Yeah. There must've been a miscommunication between Sergey and I, because the actions were never meant to be enabled by default. > As a quick workaround, stop calling UngrabAllDevices(). > > On a side note, it doesn't seem to care much about its kill_client > parameter, which is only used to decide which message should be > ErrorF()'d. > > This is a candidate for the 1.11 branch. This is the patch I've sent, which I think at least Red Hat are probably going to run with. It does mean a malicious client could alter the keymap and thus leave your screensaver vulnerable in the future, but a malicious client could also just kill the screensaver, or impersonate it, or, or, or ... Cheers, Daniel
From 9966d0a83ad7cf5ea76a04f31912e92908f3da63 Mon Sep 17 00:00:00 2001 From: Daniel Stone <[email protected]> Date: Thu, 19 Jan 2012 16:36:16 +1100 Subject: [PATCH] Hide ClearGrab/CloseGrabs actions behind an option Similar to how we put the Terminate mapping behind an option rather than enabling it by default, put the ClearGrab/CloseGrab action handlers behind an option too, so we don't ship 'break my screensaver'. Oops. Signed-off-by: Daniel Stone <[email protected]> --- compat/xfree86 | 15 +++++++++------ rules/base.o_c.part | 1 + rules/base.xml.in | 6 ++++++ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/compat/xfree86 b/compat/xfree86 index cf4a8b2..52e661d 100644 --- a/compat/xfree86 +++ b/compat/xfree86 @@ -41,12 +41,6 @@ default partial xkb_compatibility "basic" { action = SwitchScreen(Screen=12, !SameServer); }; - interpret XF86_Ungrab { - action = Private(type=0x86, data="Ungrab"); - }; - interpret XF86_ClearGrab { - action = Private(type=0x86, data="ClsGrb"); - }; interpret XF86LogGrabInfo { action = Private(type=0x86, data="PrGrbs"); }; @@ -61,3 +55,12 @@ default partial xkb_compatibility "basic" { action = Private(type=0x86, data="-VMode"); }; }; + +partial xkb_compatibility "grab_break" { + interpret XF86_Ungrab { + action = Private(type=0x86, data="Ungrab"); + }; + interpret XF86_ClearGrab { + action = Private(type=0x86, data="ClsGrb"); + }; +}; diff --git a/rules/base.o_c.part b/rules/base.o_c.part index 352f8b3..b80ab6d 100644 --- a/rules/base.o_c.part +++ b/rules/base.o_c.part @@ -3,4 +3,5 @@ grp_led:scroll = +ledscroll(group_lock) japan:kana_lock = +japan(kana_lock) caps:shiftlock = +ledcaps(shift_lock) + grab:break_actions = +xfree86(grab_break) diff --git a/rules/base.xml.in b/rules/base.xml.in index 22b720f..6c17faa 100644 --- a/rules/base.xml.in +++ b/rules/base.xml.in @@ -6278,6 +6278,12 @@ <_description>Toggle PointerKeys with Shift + NumLock.</_description> </configItem> </option> + <option> + <configItem> + <name>grab:break_actions</name> + <_description>Allow breaking grabs with keyboard actions (warning: security risk)</_description> + </configItem> + </option> </group> <group allowMultipleSelection="true"> <!-- Special shortcuts for the Euro character --> -- 1.7.8.3
_______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
