Date: Wed, 16 Sep 1998 09:56:01 -0400 (EDT) From: zoonie <zoonie@myhouse.com> To: Warner Losh <imp@village.org> Cc: rotel@indigo.ie, freebsd-security@FreeBSD.ORG Subject: Re: X Security (was: Re: Err.. cat exploit.. (!)) Message-ID: <Pine.BSF.4.03.9809160950450.19152-100000@nak.myhouse.com> In-Reply-To: <199809160605.AAA04664@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
warner is correct about XTEST, if you look at a2x it does this also, in fact there were 3 ways to get keystrokes and mouse movements to X. a2x can use any of them. i don't remember what they are off hand but i do remember that there were 3 different methods depending on the X server. for those of you that don't know what a2x is it's an interface for using voice recognition software to control X on your workstation. it mainly works with dragondictate but i think that you can get it to work with any voice recognition software. i fooled around with it a few months ago when i had tendinitous and was restricting the amount of typing i did..... On Wed, 16 Sep 1998, Warner Losh wrote: > In message <199809152125.WAA01218@indigo.ie> Niall Smart writes: > : Actually, xterm will not accept synthetically generated keystrokes > : from XSendEvent by default, but there is nothing stopping someone > : from capturing keystrokes and other events. This is a pretty > : pedantic point, anyone using xhost to manage X security deserves > : to get stung. > > But it will accept keystrokes generated from XTEST by default. I have > a newton keyboard I use with my libretto which uses this feature. It > would appear that the keystroke program even works with a remote > display I can connect to, which is both way cool, and a possible > nightmare from a security point of view. XTEST even supports mouse > movements and clicking, which I plan to add to the newton keyboard > just as soon as I find a way of faking mice that I like. There are > serveral X extensions that can be used here that are compiled into > XFree86 by default. I think they are XInputExtension, XKEYBOARD and > XTEST, but I'm not sure about XKEYBOARD. > > There is even a RECORD extension listed on my xdpyinfo output that > looks like it could be very interesting indeed. > > X security is less like swiss cheeze, and more like chicken wire if > you are just using xhost for your security. > > Warner > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > --------------------------------------------- The devil finds work for idle circuits to do. --------------------------------------------- zoonie at myhouse dot com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9809160950450.19152-100000>