Hi Steve,

> The concern is if someone is remoting into a machine we have 'locked down'
> (stripped out a lot of packages/etc) and then they copy/paste or use a
> keyboard emulator to retype an entire application into the remote machine.
> For instance:
>
> Local machine:
> Take executable binary and convert to hexadecimal for easy copy/paste
> Install software that emulates keyboard and will retype entire contents of
> the local machine's clipboard (because we disabled copy/paste in xrdp)
> connect to remote machine and create a file in remote home directory
> Let software/keyboard emulator start retyping the entire executable
>
>
> We think doing a keystroke logger on the remote end and pumping the logs
> somewhere could help monitor part of it. But we'd really like to rate-limit
> the incoming keystrokes because if the attacker aims too high (re: large
> exploit file size) then we can at least delay the inevitable and hope we
> notice in time. Particularly on the system in place where keystrokes would
> be very minimal (essentially a kiosk driven largely by mouse clicks).
>
> Any thoughts or input would be appreciated.

That is an interesting concern. One solution is to use grsec or SELinux to control the executables that the user can execute. Another option could be to set all writable directories non-executable. Logging keystrokes and limiting them seems problematic.

Jay

_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
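
The second suggestion in the reply above (making writable directories non-executable) can be audited by checking which read-write mounts lack the `noexec` option. This is an added example, not part of the original thread; the function name `audit_noexec`, the list of skipped pseudo-filesystems and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list read-write mounts that still permit direct execution.
# Input is /proc/mounts format: device mountpoint fstype options dump pass

audit_noexec() {
    awk '
    # Kernel pseudo-filesystems hold no user-created files; skip them.
    $3 ~ /^(proc|sysfs|devpts|cgroup2?|securityfs|debugfs|tracefs|pstore|bpf|configfs|mqueue|autofs)$/ { next }
    {
        # Split the comma-separated option field and look for exact matches,
        # so that e.g. "rw" is not confused with a longer option name.
        n = split($4, opt, ",")
        rw = 0; noexec = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "rw") rw = 1
            if (opt[i] == "noexec") noexec = 1
        }
        # A writable mount without noexec is a place where a file written
        # by the session user could be executed directly.
        if (rw && !noexec) print $2
    }'
}

# Constructed sample mount table (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var ext4 rw,noexec,nosuid 0 0'

# Stand-alone run over the sample.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_noexec
```

On a live host, run `audit_noexec < /proc/mounts`; each path printed is a writable mount that would need `noexec` added to its mount options (for example in `/etc/fstab`) to match the suggestion.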