Each time I enter my passphrase in pinentry-gtk-2, every other X11 app may sniff it, as seen in

$ xinput test-xi2

running in the background.

What can be done about it?

Or do I have to trust hundreds of different processes running under my account(*) to not X11-sniff my passphrase when I’m typing it and not send my ~/.gnupg/ directory along with it over the internet to some adversary?

(*) Here, I’m not considering an almost-hardware keylogger running as root very close to the kernel, as not much can be done about that. I’m talking regular, user-land applications, like closed-source Skype or Insync.

Michal Rus

1 Answer

The best solution is to run your session as SELinux user user_u or staff_u, which will much more strictly enforce inter-process communication between other apps and the pin entry app, which runs in gpg_pinentry_t domain.

By default, users are mapped to unconfined_u, which offers some protection, but not nearly as much as if you were to run things as user_u (e.g. you will notice that most things run as unconfined_t, but firefox plugins are executed as mozilla_plugin_t).

For extra high paranoia, you can try Qubes OS which solves precisely this problem -- but it requires getting used to the constraints it imposes on your work environment.

mricon
  • Maybe it should be added that SELinux is not available in most Linux distros but confined to Red Hat, Fedora, CentOS and friends on the desktop. – Ned64 May 04 '17 at 10:53
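An added example (not part of the answer above) that checks whether the current session is mapped to one of the confined SELinux users named in the answer and whether any running pinentry sits in gpg_pinentry_t; it assumes the standard `id -Z`, `ps -eZ` and `semanage login` tools of a Fedora/RHEL-style SELinux host, and the context strings in the test are constructed samples:

```shell
#!/bin/sh
# Classify an SELinux process context ("user:role:type:level") by its SELinux user.
# Succeeds (0) for the confined users user_u and staff_u, fails (1) otherwise.
context_is_confined() {
    seuser="${1%%:*}"
    case "$seuser" in
        user_u|staff_u) return 0 ;;
        *)              return 1 ;;
    esac
}

# Third colon-separated field of a context string, e.g. unconfined_t or gpg_pinentry_t.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Report on the live session. Assumes an SELinux-enabled host with id(1) and ps(1)
# that understand -Z; prints advice when the session is unconfined.
report_session() {
    ctx=$(id -Z 2>/dev/null) || {
        echo "no SELinux context available (SELinux disabled or not present)"
        return 2
    }
    if context_is_confined "$ctx"; then
        echo "session context $ctx: confined SELinux user"
    else
        echo "session context $ctx: unconfined; inter-process access to pinentry is not strictly enforced"
        echo "  to map this login to user_u:  semanage login -a -s user_u \"\$USER\"  (re-login afterwards)"
    fi
    # Flag pinentry processes running outside gpg_pinentry_t (first ps column is the label).
    ps -eZ 2>/dev/null | awk '/pinentry/ && $1 !~ /gpg_pinentry_t/ {
        print "pinentry not in gpg_pinentry_t: " $0 }'
}

# Run the report only when executed directly (lets the helper functions be sourced).
if [ "${0##*/}" = "selinux-pinentry-check.sh" ]; then
    report_session
fi
```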