Re: So how would I write policy with xace/XSELinux to stop xspy from working?

[Eamon Walsh <ewalsh@tycho.nsa.gov>]

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> http://www.acm.vt.edu/~jmaxwell/programs/xspy/xspy.html
>
> I want to lauch gnome-screensaver with a different context and not let
> xspy grab the password.
>   

Unfortunately, putting gnome-screensaver into a separate context cannot 
solve this problem.  xspy works by directly reading the state of the 
keyboard using XQueryKeymap().  The location of the input focus does not 
matter to this call; this is by design of the X protocol.

The solution has to be globally denying "read" permission on the default 
keyboard device.  The vast majority of apps should never need this 
permission because the proper way to receive input is to passively wait 
for input events on your own windows, not to go out and actively query 
device state in this manner.

I tried this just now and it stopped xspy cold.  However, there may need 
to be some refinement of the controls in this area.  In particular, 
XQueryPointer() also requires "read" permission and this seems to be 
more frequently called, e.g. by toolkit libraries, even though it really 
is snooping; you can likely determine a lot just by knowing the 
movements of the mouse.


-- 
Eamon Walsh <ewalsh@tycho.nsa.gov>
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.