Rich Freeman on 5 Sep 2012 05:53:21 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] BackDoor.Wirenet.1

On Wed, Sep 5, 2012 at 8:39 AM, Rich Freeman <> wrote:
> Applications like pinentry (usually used by gpg agents and such) do
> use secure mode, which is why their dialogs behave funny.  They also
> tend to lock their memory and employ other tactics to safeguard their
> input.

Hate to self-reply, but I just thought of a scenario and I don't know
if it would work or not.  X11 screen savers are just running on the
same X server, so it might be possible to grab their keyboard input,
which usually includes the unix password.

I don't know if typical screensaver implementations grab the keyboard
focus.  In general I'd say the screen-savers only work at all about
half the time from what I've seen, and they may or may not even blank
my screen when they display their password dialog.  I think that
general unreliability of screen locks is one of the pain points that
Wayland aims to address.  Hopefully while they're at it they'll tackle
whether it really makes sense for all clients to be able to read the
input of all other clients by default.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --