Hiding keyboard state

Ran Benita ran234 at gmail.com
Mon Jun 20 18:11:09 UTC 2016


On Mon, Nov 23, 2015 at 11:04:10AM -0800, Keith Packard wrote:
> 
> One of the many security holes in X is that any application can monitor
> the state of the keyboard device by querying the list of pressed keys on
> a regular basis. Here's a simple patch which makes that request report
> only key state which the client itself has already seen through X
> events.
>
> With this patch in place, grabbing the keyboard should be sufficient to
> hide key presses from other clients.

The QueryDeviceState request from xinput (XQueryDeviceState(3) in xlib)
also exposes the logical state of the keys. This patch only touches the
old QueryKeymap request. Is xinput not relevant for some reason? (There
might also be a similar request in xinput2 and XKB; I haven't checked.)

Ran

