I have been doing some reading about security issues with Xorg on Linux, and was surprised to find that you can keylog any GUI application using two shell commands...

    xinput list
    xinput test <id of keyboard>

While there are ways to protect your root account from such attacks (creating a separate user account that has root access but does not use X), and this would be reasonably easy to do, that is not my concern, for a variety of reasons. However, this does nothing to protect other password fields. For instance, accessing bank websites, my master password file, etc. I would like to know if there is a way to protect all password fields from xinput test.

  • Is it possible to completely disable the xinput test command for a certain user, or will doing so break keyboard input from every GUI application?
  • Can certain GUI applications (such as Firefox and Konsole) be sandboxed individually?
  • I would prefer not to use a dedicated X server for every GUI application, as I would expect this to use far more system resources, and it is useful to take screenshots of individual windows.
  • I am using Arch Linux and KDE.
Caleb Reister
  • The problem is not xinput itself but the features from X11 it uses. These features could be used by any other program too. I think the blog post you cite makes it clear that the problem is caused by a design issue of X11 and not by a bad program. It cannot be fixed without changing essential parts of the design. Sandboxes will not help either since every input will pass through the X11 system first. – Steffen Ullrich Nov 05 '16 at 18:29
  • @SteffenUllrich So for now, it's almost unavoidable? – Caleb Reister Nov 05 '16 at 19:05
  • Yes, but the successor to X11 (Wayland) has fixed these design issues. – Steffen Ullrich Nov 05 '16 at 19:57
  • @SteffenUllrich I like the idea of using Wayland. However, it is not particularly stable yet. I am kind of wondering why `xinput test` cannot be removed and then distributed as a separate tool. Is it that foundational to xinput? – Caleb Reister Nov 05 '16 at 20:35
  • Like I said: the problem is not the xinput program itself but the feature it uses. Any other program can use this feature too, so it does not help to block or remove this single program or to block a specific feature in it. For example, xev also shows what happens, including all keystrokes entered. – Steffen Ullrich Nov 05 '16 at 20:38

1 Answer

  • Banning xinput test won't help, because it's only an interface to the vulnerability, and a malicious program could access the keypresses without it.
  • Some comments from the blog post you link discuss sandboxing; even if it is secure (see the debate in the blog post), a concern is that most implementations just create another instance of the X server for sandboxed applications, which, as you've said, is not desirable for performance reasons. However, it seems to be the most secure way to enter your passwords.

Regardless, if you're running malicious code on your computer, you have other problems (reading personal files, changing user configuration files, exploiting possible system vulnerabilities, and bad things in general). But if window isolation is important to you (it is to me), you could get involved with Wayland; as other people have said, it's a promising successor to X11.

LanceB98