On Mon, Nov 23, 2015 at 11:04:10AM -0800, Keith Packard wrote: > > One of the many security holes in X is that any application can monitor > the state of the keyboard device by querying the list of pressed keys on > a regular basis. Here's a simple patch which makes that request report > only key state which the client itself has already seen through X > events. > > With this patch in place, grabbing the keyboard should be sufficient to > hide key presses from other clients.
The QueryDeviceState request from xinput (XQueryDeviceState(3) in xlib) also exposes the logical state of the keys. This patch only touches the old QueryKeymap request. Is xinput not relevant for some reason? (There might also be similar request in xinput2 and XKB, I haven't checked). Ran _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: https://lists.x.org/mailman/listinfo/xorg-devel
