From: Daniel J Walsh <dwalsh@redhat.com>
To: Eamon Walsh <ewalsh@tycho.nsa.gov>
Cc: "Christopher J. PeBenito" <cpebenito@tresys.com>,
Ted X Toth <txtoth@gmail.com>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: So how would I write policy with xace/XSELinux to stop xspy from working?
Date: Mon, 25 Feb 2008 09:37:47 -0500 [thread overview]
Message-ID: <47C2D2BB.7040303@redhat.com> (raw)
In-Reply-To: <47BF63B2.9030406@redhat.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Daniel J Walsh wrote:
> Eamon Walsh wrote:
>> Daniel J Walsh wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> http://www.acm.vt.edu/~jmaxwell/programs/xspy/xspy.html
>>>
>>> I want to lauch gnome-screensaver with a different context and not let
>>> xspy grab the password.
>>>
>> Unfortunately, putting gnome-screensaver into a separate context cannot
>> solve this problem. xspy works by directly reading the state of the
>> keyboard using XQueryKeymap(). The location of the input focus does not
>> matter to this call; this is by design of the X protocol.
>
Are you talking about a physical device in /dev? Or some X device?
What policy did you write to test this?
>> The solution has to be globally denying "read" permission on the default
>> keyboard device. The vast majority of apps should never need this
>> permission because the proper way to receive input is to passively wait
>> for input events on your own windows, not to go out and actively query
>> device state in this manner.
>
>> I tried this just now and it stopped xspy cold. However, there may need
>> to be some refinement of the controls in this area. In particular,
>> XQueryPointer() also requires "read" permission and this seems to be
>> more frequently called, e.g. by toolkit libraries, even though it really
>> is snooping; you can likely determine a lot just by knowing the
>> movements of the mouse.
>
>
> Well it seems like all confined domains should have the read on the
> keyboard blocked, then and maybe unconfined_t by boolean.
- --
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
with
the words "unsubscribe selinux" without quotes as the message.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkfC0rsACgkQrlYvE4MpobOoawCdGDxDHq1ONqlwY4eLEox9uUra
8MUAn2Z3tw+zKvnnfXu2i2fIY7yCbM/S
=x/sk
-----END PGP SIGNATURE-----
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2008-02-25 14:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-21 20:40 So how would I write policy with xace/XSELinux to stop xspy from working? Daniel J Walsh
2008-02-22 23:30 ` Eamon Walsh
2008-02-23 0:07 ` Daniel J Walsh
2008-02-25 14:37 ` Daniel J Walsh [this message]
2008-02-25 19:33 ` Eamon Walsh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47C2D2BB.7040303@redhat.com \
--to=dwalsh@redhat.com \
--cc=cpebenito@tresys.com \
--cc=ewalsh@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=txtoth@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.