Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 3293 - gnome-terminal allows send events by default
Summary: gnome-terminal allows send events by default
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnome-core
Version: 6.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Owen Taylor
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-06-05 21:58 UTC by daryll
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 1999-08-03 19:54:26 UTC


Attachments (Terms of Use)

Description daryll 1999-06-05 21:58:25 UTC
Any application that can connect to the X display can send
keyboard events to a gnome-terminal. This is a security
issue because it allows propigation of a violated machine.
If I have windows logged into another machine (even through
a secure link such as ssh) or if I have a privaledged shell
those may be compromised by someone getting an X connection
on my machine and sending commands to the remote system or
privaledged shell to create a hole.

gnome-terminal should make the capability to recieve allow
send events as an preferences item, as in xterm.

					- |Daryll

Comment 1 Owen Taylor 1999-06-09 22:58:59 UTC
This can't really be fixed by default because gnome-terminal
also supports (for instance) drag-and-drop which could
be spoofed by any other client on the display. It is a
hoewever, a decent candidate for a future option; though
it might give a false sense of security.

Basically, I would consider any display allows untrusted
clients access to be unsafe.

Consider as a few examples:

 - Sending fake drag and drop to MC; sending mouse clicks to MC
 - Emacs - I don't believe it guards against send events:
   M-x shell...
 - Any GTK+ program with a file selector that turns on
   the file operation buttons in the GTK+ file selector
   can be used to delete files.
 - Do you use a mail client? Can it do attachments?
   How about attaching /etc/passwd?
 - Grabbing portions of your screen as in a screen capture

[ There is a document in the X source distribution which
details some security considerations between clients on
a display, for those interested in this topic ]

Note that XFree86 also enables the XTest extension by default
and using that a client can, if I'm not mistaken, circumvent
the whole send_event field.

Comment 2 Alan Cox 1999-06-12 21:29:59 UTC
The X consortium take on this for 6.4 was very much "Use the Xsecurity
extension" not fix the apps. Xsecurity prevents partitioned
applications even reading the properties off a terminal let alone
typing in it

A nice gnome hook for xsecurity might be the right approach

Alan

Comment 3 Elliot Lee 1999-08-03 19:54:59 UTC
As previously stated, the right solution is to secure the display.


Note You need to log in before you can comment on or make changes to this bug.