Highest Voted 'x11' Questions - IT Security Stack Exchange

53

votes

3 answers

Why has Ubuntu 18.04 moved back to insecure Xorg?

After reading Xorg becomes the default display server again and considering the security risk of xorg, I am wondering why the developers left Wayland. The fact that a few programs do not work on Wayland does not justify such a security risk. Any…

ubuntu x11

asked Apr 17 '18 at 09:10

ar2015

825
2
7
10

42

votes

3 answers

Security Concerns with X11 Forwarding

What are some of the security concerns and reasons either for or against allowing X11 Forwarding. I have generally taken an approach of not allowing it under the blanket guise of security. Recently, I had a user indicated that they thought that…

linux ssh tunneling x11

asked May 09 '12 at 20:35

John

1,009
3
11
16

38

votes

1 answer

Passive and active attacks via X11. Is Wayland any better?

In The Linux Security Circus: On GUI isolation - The Invisible Things Lab's blog, Joanna Rutkowska describes attacks from one X11 app on another and the general problem of the lack of GUI-level isolation, and how it essentially nullifies all the…

desktop x11

asked May 05 '11 at 16:23

nealmcb

20,544
6
69
116

27

votes

2 answers

Risks of ssh to an untrusted host?

I use ssh a lot to connect to a variety of servers at my university. The machines are administrated by students, so assume they can't really be trusted;-) What are the risks in making a ssh connection to a host I have no control over? What…

ssh x11

asked Sep 23 '11 at 22:20

bud

271
3
3

18

votes

5 answers

Is it really safe to pass sensitive data to another script via stdin, compared to passing via arguments (Linux)

Yes, the transfer to the script via arguments is visible through ps -ax, /proc//cmdline etc., BUT if someone has already gained access to your account from the outside (e.g. by hacking your browser) he will have no trouble looking not only ps…

passwords linux debian x11

asked Jan 18 '22 at 04:44

NewLinux

625
3
8

10

votes

1 answer

GnuPG passphrase entry and X11 sniffing

Each time when I’m entering my passphrase in pinentry-gtk-2, every other X11 app may sniff it, as seen in $ xinput test-xi2 running in the background. What can be done about it? Or do I have to trust hundreds of different processes running under my…

key-management gnupg keyloggers passphrase x11

asked Jul 04 '15 at 10:47

Michal Rus

201
1
3

9

votes

2 answers

What is considered an acceptable, secure method of remotely connecting to a Linux system?

Given that VNC and X11 were not developed with security in mind, what do people typically see done to remotely connect to a Linux system where a GUI is required. While SSH access alone might be preferred, often times there are requirements where a…

remote-desktop x11

asked Mar 23 '15 at 03:05

appsecguy

435
4
12

8

votes

2 answers

GUI isolation in X11 when entering Truecrypt password

I have been getting a bit paranoid regarding some of my old TrueCrypt containers. The paranoia has got nothing to do with suspicions regarding TrueCrypt itself (after the shut-down last year), rather it is regarding keyloggers sniffing my…

linux truecrypt keyloggers x11

asked May 07 '15 at 06:54

shivams

221
1
5

8

votes

1 answer

Shared clipboard on Linux without keylogging, etc. vulnerabilities?

X has some serious security problems, not the least of which is that any program using a given display can log keystrokes from any other program on that display. (This can be demonstrated easily using xinput.) Is there any way to mitigate this…

exploit keyloggers x11

asked Aug 19 '14 at 20:30

DanL4096

307
1
2
9

8

votes

1 answer

How to mitigate risk of X11 buffer ghosting (palinopsia bug)

The Buffer "Ghosting" Phenomenon It is possible to observe contents of (old and currently used) graphics buffers on a monitor under certain circumstances, posing an information disclosure risk, when combined with shoulder surfing: Growing a Window…

data-leakage risk-management driver x11 video

asked May 19 '16 at 20:13

user66981

6

votes

1 answer

Lots of failed outgoing sshd attempts. Am I hacked?

For the last two days I've been seeing lots of lines in my /var/log/auth.log that look like: sshd[xxxxx]: error: connect_to 0.gravatar.com port 80: failed sshd[xxxxx]: error: connect_to 1.gravatar.com port 80: failed sshd[xxxxx]: error: connect_to…

ssh ddos x11

asked Apr 07 '14 at 19:55

Beau

163
1
5

4

votes

3 answers

Docker X11 Forwarding Security

I am currently running a Docker container with a program with a GUI forwarded over SSH (using X forwarding over OpenSSH). The virtualized server has X11Forwarding enabled and I can connect to it from my host machine and open up an application from…

ssh virtualization openssh docker x11

asked Oct 31 '15 at 05:38

Mythical Juggernaut

43
5

3

votes

2 answers

Does CVE-2015-5352 work if there is no active X-Server?

My security program shows that one of my servers is vulnerable to CVE-2015-5352. If X-Server is not running (not even installed) is the system really penetrable by that vulnerability?

linux ssh x11

asked Sep 03 '15 at 12:10

Harrys Kavan

193
4

3

votes

1 answer

How do I protect password enteries in Xorg?

I have been doing some reading about security issues with Xorg on Linux, and was surprised to find that you can keylog any GUI application using two shell commands... xinput list xinput test While there are ways to protect your…

linux keyloggers user-interface x11

asked Nov 05 '16 at 17:57

Caleb Reister

237
1
6

2

votes

1 answer

Is X11 dangerous?

I'm new to Linux and want to understand if X11 is really as dangerous as they say on the Internet? I will explain how I understand this. Any application launched from under the current user has access to the keyboard, mouse, display (screenshot),…

linux x11

asked Mar 22 '20 at 14:33

Dstart

131
1

Questions tagged [x11]