Slashdot Mirror


Why Screen Lockers On X11 Cannot Be Secure

jones_supa writes: One thing we all remember from Windows NT is the security feature requiring the user to press CTRL-ALT-DEL to unlock the workstation (this can still be enabled with a policy setting). The motivation was to make it impossible for other programs to mimic a lock screen, as they couldn't react to the special key combination. Martin Gräßlin from the KDE team takes a look at the lock screen security on X11. On a protocol level, X11 doesn't know anything of screen lockers. Also the X server doesn't know that the screen is locked as it doesn't understand the concept. This means the screen locker can only use the core functionality available to emulate screen locking. That in turn also means that any other client can do the same and prevent the screen locker from working (for example opening a context menu on any window prevents the screen locker from activating). That's quite a bummer: any process connected to the X server can block the screen locker, and even more it could fake your screen locker.

56 of 375 comments

  1. Umm..and telnet is insecure. by heavy_metal_drinker · · Score: 5, Insightful

    Flashback from the 90's: Telnet and X11 are inherently insecure - where's the news in that?

    1. Re:Umm..and telnet is insecure. by Dog-Cow · · Score: 5, Informative

      Wow. Way to totally misunderstand everything.

      X11(R6) is a protocol.
      XFree86 and XOrg are implementations.

    2. Re:Umm..and telnet is insecure. by omnichad · · Score: 2

      XFree86 is a port of X(11). The protocol it uses has also taken the same name.

  2. So to circumvent the screen locker... by Viol8 · · Score: 5, Insightful

    ... there has to be a trojan on the system or at least something connected to the X server over the network.

    Hmm. I think by this time your security is already out the window and a borked lock program is the least of your worries.

    1. Re:So to circumvent the screen locker... by Qzukk · · Score: 3, Insightful

      This has been solved by everyone not following tutorials from the 80s asking them to use xhost + to allow everyone everywhere to connect to your display.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
    2. Re:So to circumvent the screen locker... by bondsbw · · Score: 2

      Hmm. I think by this time your security is already out the window and a borked lock program is the least of your worries.

      Just because an application is running on your system doesn't mean it has elevation. But if it pretends to be your lock screen and convinces you to put your password into it, it may be able to gain that elevation.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    3. Re:So to circumvent the screen locker... by Anonymous Coward · · Score: 5, Informative

      This was fixed decades ago. Don't issue xhost + and you should be fine. X uses auth tokens that are files in /tmp with mode 600.
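
      A small audit script for the two mitigations this comment names (no `xhost +`, and an owner-only cookie file), added here as an example and not posted by anyone in the thread. It assumes Linux `stat -c`; the `xhost` output samples are constructed so it runs offline.

```shell
#!/bin/sh
# Added example: audit the X11 access-control settings discussed in the thread.
# Assumptions: Linux `stat -c %a`; `xhost` output format as shown in the samples.

# Constructed samples of what `xhost` prints in three states.
SAMPLE_OPEN='access control disabled, clients can connect from any host'
SAMPLE_LOCAL='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_HOSTS='access control enabled, only authorized clients can connect
INET:workstation2.example.net
SI:localuser:alice'

# xhost_status OUTPUT
# Classifies the output of `xhost` (passed as a string so it can be checked
# without a display). Prints:
#   open          - access control is disabled, the effect of `xhost +`
#   host-entries  - control is on, but whole hosts have been granted access,
#                   which any process on those hosts can use
#   restricted    - only SI:localuser (or nothing) is listed
xhost_status() {
    out=$1
    case "$out" in
        *"access control disabled"*) echo open; return 0 ;;
    esac
    # Lines after the status line name allowed clients; anything that is not
    # an SI: (server-interpreted, e.g. localuser) entry is a host-based grant.
    hosts=$(printf '%s\n' "$out" | sed 1d | grep -v '^SI:' | grep -c . || true)
    if [ "$hosts" -gt 0 ]; then echo host-entries; else echo restricted; fi
}

# xauth_mode_ok FILE
# Returns 0 when FILE exists and is mode 0600, 1 otherwise. The cookie inside
# is what authorises a client to connect, so a group- or world-readable file
# hands that right to every local user.
xauth_mode_ok() {
    f=$1
    [ -f "$f" ] || return 1
    mode=$(stat -c %a "$f") || return 1
    [ "$mode" = 600 ]
}

# Demonstration on the constructed samples.
for s in "$SAMPLE_OPEN" "$SAMPLE_LOCAL" "$SAMPLE_HOSTS"; do
    printf '%s: %s\n' "$(printf '%s\n' "$s" | sed 1q)" "$(xhost_status "$s")"
done
```

      Against a live session, call `xhost_status "$(xhost)"` and `xauth_mode_ok "${XAUTHORITY:-$HOME/.Xauthority}"` (the cookie file location may differ under some display managers).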

    4. Re:So to circumvent the screen locker... by ilsaloving · · Score: 4, Funny

      Reminds me of my university days...

      When someone walked away for an extended period without locking their terminal, one of us would sneak over and do a quick 'xhost +' and then wait for them to come back.

      Once they sit down and start working again, we would run 2 dozen copies of neko on their terminal, resulting in a mass of little animated kittens chasing their mouse cursor.

      Ah, the lost days of innocent fun.

    5. Re:So to circumvent the screen locker... by nedlohs · · Score: 3, Funny

      We always just added

      echo "sleep 1" >>$HOME/.bash_profile

      to their .bash_profile (or the equivalent if they were using something other than bash).

      And might have sometimes done:

      cp /bin/sh /somewhere/world/write/readable/sh-[username]
      chmod 4755 /somewhere/world/write/readable/sh-[username]

    6. Re:So to circumvent the screen locker... by Culture20 · · Score: 3, Informative

      Xroach: places animated roaches under their open windows and the roaches scatter when the windows are reduced or closed.

  3. Uh, okay? by TWX · · Score: 2, Insightful

    I certainly get the technical explanation. Given that I don't think Desktop Linux will EVER be mainstream, this seems like something we've lived with for an incredibly long time, and doesn't affect very many people or systems.

    If someone wants to fix it, cool, but it's not really going to bother me very much if this behavior continues.

    --
    Do not look into laser with remaining eye.
    1. Re:Uh, okay? by Enry · · Score: 5, Funny

      What? I was assured that THIS was the year of the Linux Desktop!

    2. Re:Uh, okay? by bondsbw · · Score: 2

      It is. They just failed to mention that it was a year on Pluto.

      --
      All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    3. Re:Uh, okay? by GoodNewsJimDotCom · · Score: 2

      It doesn't bode well for Linux that it is also not the year of the Windows Desktop or Apple Desktop. It is the year of the smart phone. The year of the desktop may never return. Desktops are better suited for developers and smart phones are better suited to consumers.

    4. Re:Uh, okay? by Kjella · · Score: 2

      It doesn't bode well for Linux that it is also not the year of the Windows Desktop or Apple Desktop. It is the year of the smart phone. The year of the desktop may never return. Desktops are better suited for developers and smart phones are better suited to consumers.

      Developers and a ton of other professionals. If Linux/FLOSS could replace Windows, Office, Outlook/Exchange, Sharepoint and SQL Server that's probably 15 of Microsoft's $26 billion dollar revenue. Open source has not managed to commodify basic business and collaboration tasks, despite so many years of trying. It's not all about smartphones and tablets.

      --
      Live today, because you never know what tomorrow brings
  4. not the point by lister+king+of+smeg · · Score: 3, Insightful

    Isn't the point of a screen locker to keep a person from accessing my computer while I step away for a moment (to go to the bathroom or refill my coffee mug), not to prevent programs from accessing things?

    --
    ---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
    1. Re:not the point by CastrTroy · · Score: 2

      The problem is that if you walk away and think that the screen locker will kick in, and somebody comes by while it is still unlocked, they can run a program that will look like the screen locker when you come back, but in reality will actually just be recording your user name and password so the intruder can use this. They'll get the password, and come back at a time when they have more time to do their dirty work. Ideally, you should lock your computer as soon as you get up, but that's what happens in an ideal world, and security has to work under non-ideal circumstances.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:not the point by MadCow42 · · Score: 2

      Example that might make more sense:

      You download a program that appears legit (and may be mostly legit, or be a hacked version of a legit program), and are running it.

      The program senses inactivity, opens a contextual menu on the screen to prevent the REAL screensaver from kicking in, and opens its own fake screensaver instead.

      When you get back to the computer, it prompts you to input your credentials.

      Voila... it now has your credentials, and can wreak utter havoc and destruction (depending on your permissions).

      --
      I used to have a sig, but I set it free and it never came back.
    3. Re:not the point by Anonymous Coward · · Score: 4, Informative

      What do you mean "think it will kick in"? Activate it when you get up from your desk, period. For Windows it's an easy "winkey+L" combo as you get up from your desk. Done, workstation is secured and locked. That's our company policy anyway, you're supposed to lock your workstation when you step away. A timed lock screen is pointless, stupid and just gets in the way. If your mouse just happens to bounce a little, it'll reset the "inactive screen timeout".

    4. Re: not the point by Teranolist · · Score: 3, Informative

      That's why you lock your screen manually BEFORE you leave the machine...

    5. Re:not the point by smash · · Score: 2

      "merely add a function to the X11 API" is the problem. X11 is ancient, full of bloat that no one uses any more and not designed with core concepts in mind that are desirable in a modern operating system. Really, look up some youtube presentations from the Wayland guys - who actually work on X11 and listen to what they have to say regarding the complexity and brain damage in X11. It works, but sometimes, even the guys who maintain it don't know exactly why.

      The X11 display server is a liability and needs to die. It should have been taken out behind the shed and shot about a couple of decades ago. That doesn't mean that "oh noes i will lose my remoting!", that can be implemented in its replacement via a shim, the same way any X display server works for Windows or Mac.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    6. Re:not the point by jakimfett · · Score: 3, Insightful

      So...what you're saying is "people who aren't security conscious continue to be vulnerable to attacks that exploit their sloppiness and/or lack of attention"?

      Shocker.

      --
      Bits of code, random ramblings: jakimfett.com
    7. Re:not the point by codeButcher · · Score: 2

      but in reality will actually just be recording your user name and password so the intruder can use this. They'll get the password, and come back at a time when they have more time to do their dirty work.

      That's why I always first try to unlock with "password123" when I get back from the bathroom break I could no longer postpone.

      --
      Free, as in your money being freed from the confines of your account.
    8. Re:not the point by rgmoore · · Score: 2

      Even if the switch to Wayland happens, most people will still be stuck with using XWayland constantly for a decade.

      They may be stuck with XWayland for a handful of apps that aren't being updated, but the work to let modern desktop environments run on Wayland instead of X11 is quite far along. Once the basic KDE and GNOME libraries are ported to Wayland, anything that uses those higher level libraries rather than talking directly to X will run under Wayland without needing any intermediary like XWayland. It's possible to log in and run under Wayland rather than X11 today; I have done it on my Fedora box.

      --

      There's no point in questioning authority if you aren't going to listen to the answers.

    9. Re:not the point by mlts · · Score: 3, Interesting

      If someone gets physical access to my machine while I'm away and the screen locker has not activated, regardless of OS I am on, I am screwed. Be it Windows where a utility can be run to hook into the keyboard, OS X and a .kext that flashes a custom ROM to the keyboard so it doubles as a keystroke logger, AIX could have the bootlist modified to boot from an unauthorized rootvg, Solaris could have the root role moved to all users, and so on.

      Realistically, X-Windows authentication and running rogue clients has been a non-issue since the late 1990s. By default, X is locked down quite tightly, taking an explicit "xhost +" to undo those measures. Even when SSH-ing into a remote machine, by default, the X-windows port is not authorized or forwarded unless both the client and server are explicitly changed to permit this. These days, relatively few applications are X-windows clients, other than legacy stuff. Most enterprise level items (be it an Isilon, VNX, VMWare vSphere, tape silo, and so on) either have a dedicated client, allow SSH in, or have a web page for their configuration. The last time I've used a X-Windows client from a remote machine was running the NetBackup administrative client application from a master server, because it was the most reliable way I could watch what was going on.

      One cannot make light of security holes, but there are things to work on and ones that are too difficult for an attacker to ignore. It takes some explicit commands to force X-windows to allow clients other than from the local machine to connect (including disabling the kernel packet filter or actively allowing connections through it.) So, someone connecting remotely to an X server before xlock activates can be a hole... but it is something extremely hard to take advantage of.

    10. Re:not the point by Scoth · · Score: 2

      Windows has had the ctrl-alt-del to log in/unlock since literally the first version of Windows NT, 3.1, in 1993. That's a long time to have feature envy, though I suppose it's possible. I generally wonder if the average user is clever enough to understand the implication anyway - if you put up a fake login dialog on Windows just past the ctrl-alt-del, I bet most users would just fill it out and go with it rather than think they're under attack.

    11. Re:not the point by operagost · · Score: 2

      This feature goes back to at least Windows NT 3.5 in 1994, and perhaps even Windows NT 3.1 in 1993. The summary also implies that it always needs to be enabled, which it does not as it is the default when joined to a domain (and I think it is also the default on Enterprise and Server editions).

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    12. Re: not the point by Lumpy · · Score: 2

      Not mine, when I get up the prox card reader sees that I am not near the workstation and instantly locks, it will not even offer an unlock until I am within proximity again.

      Really cheap to put in place, less than $10K for the whole company, and increases security 80 fold. Problem is most IT departments are not savvy enough to do it nor convince management that it's more important than a new Jaguar for the Director of marketing. Heck my old Dell laptop supported it.

      --
      Do not look at laser with remaining good eye.
    13. Re:not the point by operagost · · Score: 2

      Windows NT 3.1 didn't have an NT kernel? Color me confused.

      No, scratch that-- color you wrong.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    14. Re:not the point by benjymouse · · Score: 2

      Yes, that is exactly my point.

      Nice try. But no, you are BSing.

      Scoth: "Windows has had the ctrl-alt-del to log in/unlock since literally the first version of Windows NT, 3.1, in 1993. "

      You: "In 1993, Windows didn't have an NT kernel."

      AC: "In 1993, Windows NT 3.1 was released. Not to say that the non-NT product line ended at the same time."
      (AC factually correct here: Windows NT 3.1 was released in July 1993)

      operaghost: "Windows NT 3.1 didn't have an NT kernel? Color me confused. No, scratch that-- color you wrong."

      You: "Go to a typical computer store in 1993, ask for Windows, and they wouldn't give you an NT kernel."
      (now you try to deflect; why bring in the "typical computer store"? the issue was *Windows NT*)

      So, your claim was that Windows NT didn't have an NT kernel. The TFA was about Windows NT, and Windows NT certainly HAD the NT kernel, it certainly HAD the "attention sequence" Ctrl-Alt-Del, and it certainly WAS released and available.

      And you are dishonest.

      --
      Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  5. Re:Windows reigns supreme by Viol8 · · Score: 3, Informative

    Would this be the "hobby" OS that took over running the London Stock Exchange trading platform when Windows couldn't cope?

  6. Already solved! by Qzukk · · Score: 5, Funny

    systemd-screenlockerd saves the day!

    Of course, it requires systemd-moused, systemd-keyboardd, systemd-windowd, systemd-X11d, and finally systemd-logind. Right now there's some compatibility issues that have been in the bug tracker for a year or so, so for best results you should also ditch KDE or gnome and go with systemd-windowd-managerd and systemd-menud. There's a few incompatible apps as well, if you have problems try using systemd-webbrowserd (requires systemd-networkd) and systemd-xtermd (requires systemd-fontd and systemd-shelld). Thunar works fine though for browsing files, as long as they're in the systemd folder.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
    1. Re:Already solved! by BlackPignouf · · Score: 2

      From Poettering himself:
      http://lists.freedesktop.org/a...

    2. Re:Already solved! by davydagger · · Score: 2

      check the date: Sun Mar 31 17:22:15

      yeah, just a few hours shy of April 1.

  7. Uses QT for screensaver, complains about security by Anonymous Coward · · Score: 5, Informative

    KDE uses QT, a gigantic toolkit, to implement the screen saver. In this case the UI relies on QT Quick.
    Gnome's screensaver has the same problems with GTK.

    Jamie Zawinski, who wrote the standard xscreensaver, has a FAQ page detailing how these are a fundamentally bad idea from a security perspective:
    http://www.jwz.org/xscreensaver/toolkits.html

  8. this is a mountain out of a mole hill. by nimbius · · Score: 4, Interesting

    What's being attacked is the unix ethos: do one thing and do it well. Capturing the key sequence to lock and faking the screen, while it may be easier in KDE alongside Systemd, is not easy in fluxbox or awesome. It's the explicit lack of widgets or sprockets or mindless dreck like this, and predefined key sequences that are captured by the window manager first. I use i3lock, which would mean attackers would have to find a way to get into /usr/bin to usurp my locker and at that point I have a far greater degree of concern than just the locker. X Forwarding and shared X in general has always been a security concern. ssh-agent should be avoided and if you have work to do on the server, do it in a tty over ssh. And this is the schism: newschool linux wants a sexy user experience that pops out of the box and is unified. They want the user to obey the vision of their design and use user switching, connection sharing, and fancy clock widgets and X just can't be (nor should it) Microsoft Windows. Old fogeys like myself will deck the halls of localhost when and if we want to. And it will always be on our terms, right down to color, shape, and font. Security will be our concern.

    --
    Good people go to bed earlier.
  9. Re:Windows reigns supreme by Viol8 · · Score: 4, Informative

    They did go for C++. On Linux. It was more than just issues with .NET.

  10. Re:How to make it work by unrtst · · Score: 2

    Article is WRONG WRONG WRONG. Screen locker: issue chvt onto another X instance, and spawn a thread that goes into a loop reissuing chvt to hold it there until the unlock password is given.

    vlock -asn

    This has been solved for a long time. Not sure why this is really an issue.

  11. Re:physical access by Wrath0fb0b · · Score: 4, Informative

    Comparing this to Windows is silly, because Windows doesn't have anything like the X11 protocol. On Windows, running code can disable the screen saver in other ways: patching or replacing DLLs, changing system configuration, etc. No difference from a security point of view.

    I'm no Windows fanboy, but this is just factually incorrect.

    (1) All those operations require elevation, so unless the user has lowered UAC from the default, they will require authentication. I suppose a malicious installer could do that, but it is emphatically incorrect that any running code can effect that change.

    (2) Since 7, when Windows elevates it completely suspends the old 'Desktop' and creates a brand new one for the elevation prompt. If you look closely, you'll realize that all the other 'windows' are actually just a static screenshot of what happened on the unprivileged desktop at the point where the elevation prompt was created.

    So "from a security point of view", on Windows you have a specific privilege required to change the SS that is mediated through a privileged interface where it cannot be snooped/intercepted by unprivileged processes.

    [ Of course, this comparison is also patently unfair -- Windows 7 was written in the 2000s, X11 was written in the 1980s. Expecting them to be comparable in terms of security is pretty ridiculous. ]

  12. If it's accessing your X server, it's elevated ple by raymorris · · Score: 2

    If it has access to draw windows in your X session, it's elevated plenty - it can also log keystrokes at that point.

  13. Linux rules the desktop, which is in your pocket by raymorris · · Score: 3, Insightful

    The year of the Linux desktop was several years ago. Most new computing devices run Linux, and fit in your pocket.

  14. Re:If it's accessing your X server, it's elevated by bondsbw · · Score: 2

    I'm not familiar with writing apps for X, but are you saying that every program that displays a window in X can log all keystrokes including in windows that are not associated with that program?

    If so, I'm staying away from X from now on.

    If not, I'm not sure what your point is. The malicious application would need to display a fake lock screen, convincing enough to fool the user, before the user would type in their credentials. Only then would that app be able to elevate.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  15. Re:If it's accessing your X server, it's elevated by vux984 · · Score: 2

    Are you familiar with the traditional attack?

    Computer somewhere running some OS.
    Regular authorized but non-privileged user logs in and runs regular non-privileged user-space application "program that looks like lock screen" and then leaves computer.

    Another coworker, or perhaps an administrator walks up to use the computer; types in his credentials... and the app saves them...

    Windows solution to the attack implemented decade(s) ago:

    real windows desktop lock screen can only be unlocked with ctrl-alt-delete which user-land non-privileged apps can't intercept.
    train users never to login to a computer unless they hit ctrl-alt-delete to unlock it first.

  16. Xscreensaver by gringer · · Score: 5, Interesting

    Jamie Zawinski has another explanation why screensavers on KDE can't be secure:

    Like GNOME, KDE also decided to invent their own screen saver framework from scratch instead of simply using xscreensaver.

    And Unity:

    Guess what, they did it again! Ubuntu Unity's screen-locking framework is yet another rewrite, and it is completely broken, bug-ridden and insecure. At this time I don't have any information on how to turn it off and use xscreensaver instead. If you do, let me know.

    He also has a writeup on toolkits, discussing why locking and unlocking is a hard problem, especially when accessibility features are required.

    --
    Ask me about repetitive DNA
  17. Re:If it's accessing your X server, it's elevated by JesseMcDonald · · Score: 5, Informative

    I'm not familiar with writing apps for X, but are you saying that every program that displays a window in X can log all keystrokes including in windows that are not associated with that program?

    Yes. This isn't just X, by the way; it's a common design across most operating systems. Any client can register to receive keyboard and mouse input regardless of the current focus, unless another client has already "grabbed" the input device. This is how things like global keybindings are typically implemented. Windows used for password entry (including lock screens) can grab the keyboard to prevent other programs from listening in. The problem is that this only works if no other program has already grabbed the keyboard.

    Secure input handling is one of the many reasons why everyone is eventually planning to switch to Wayland. Under Wayland, only the compositor has access to the raw input or the ability to inject simulated input events. The compositor manages any global keybindings and forwards the remaining events exclusively to the active window.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  18. Re:If it's accessing your X server, it's elevated by operagost · · Score: 2

    Security standards like PCI DSS assume that, yes, your users are untrustworthy or, at best, naive.

    --

    Gamingmuseum.com: Give your 3D accelerator a rest.
  19. Re:Uses QT for screensaver, complains about securi by Anonymous Coward · · Score: 4, Informative

    Jamie Zawinski has been wrong before, too, but in this case it's not even wrong. What we're talking about is the X protocol being fundamentally flawed; it's really pretty irrelevant what screen locker is being used.

    And yet Jamie's xscreensaver hasn't been shown to be insecure by this guy. He's only proven what jwz said which is that a lockscreen using a toolkit on top of X11 is insecure.

  20. Let me get this straight... by davek · · Score: 3, Interesting

    Let me get this straight. In order to exploit this vulnerability, an attacker must:
      * gain login access to your system via SSH
      * hope you turned on X11 forwarding
      * be root or your user
      * hope you've disabled access control with `xhost +`
      * be able to run a fake screen locker program to get your password to the system he's already completely compromised

    Yes, someone could still stop by your desk and put in the fake screen locker while you were getting coffee, but if you got up and didn't lock your machine, that's on you, not X11.
    I'll file this one under "good enough" security.

    --
    6th Street Radio @ddombrowsky
  21. Re:If it's accessing your X server, it's elevated by Aighearach · · Score: 2

    You're tricking yourself into security theater. You can't intercept an actual ctrl-alt-del, but you can read the ctrl and alt keys, and just unlock your fake lock a couple seconds later. For bonus points, as soon as they press ctrl-alt you change the pointer to an hourglass, and wait an extra second, that way even if they're slow they have time to press del. No Windows user is going to be surprised or alarmed by 2 seconds of lag. Their brain will probably hold them in a sort of pause mode anyways, because they're so used to waiting to be allowed to continue.

    And the more often they have to press a magic key combination, the more robotic it becomes and the less attention they will pay. Also, even if something looks slightly off, they've been taught that this magic key protects them in this situation, so they won't worry much.

  22. Re: If it's accessing your X server, it's elevated by JesseMcDonald · · Score: 2

    Some other window most likely does have the keyboard focus, but that's not the same as grabbing the keyboard. Having the focus doesn't prevent input events from also being delivered to other windows, it just tells the non-focused windows to ignore the events. Integrity and privacy for both input and output is a hard problem and something very few windowing systems manage to get right. The solutions tend to involve some degree of inconvenience for the user.

    --
    "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  23. Re:If it's accessing your X server, it's elevated by disambiguated · · Score: 3, Insightful

    The basic misunderstanding here is the idea that the screen lock in old X was designed for security, and usable as such; it was just a screensaver with a password.

    What use is a screensaver with a password that isn't designed for security? Why is the password even there? So it looks secure? Let's just admit it was poorly designed from a security standpoint. That's fine, most stuff designed at that time was not secure. MS-DOS had no security at all. Pointing out that NT occasionally has some good ideas is not an indictment against Unix.

  24. Re:If it's accessing your X server, it's elevated by parenthephobia · · Score: 3, Informative

    Your façade rather falls apart when they actually do press "del", I think.

  25. Re:Windows reigns supreme by MrKaos · · Score: 3, Interesting

    It was more than just issues with .NET.

    Really? Now I'm interested. What other problems did they have?

    Messaging systems performance. The closed nature of the Windows kernel means it cannot be tuned to the granularity required for performance objectives to be met for the messaging systems. Windows may reign supreme on the desktop, however when it comes to serious computing objectives, it's always the year of the *ix server.

    As for this issue affecting any enterprise systems, many don't have a GUI on their console, so there is no opportunity to troll there either.

    Incidentally, if you want to see a manifestation of this issue on an X11 desktop, pick a program with menus, let's say Firefox, position the mouse on the menu so it opens, then leave the cursor on the menu until the screensaver kicks in. After the lock screen kicks in you will be able to interact with the GUI until the task loses focus, then the screen saver will lock. It's been around for a while.

    Yep, it's a risk for a desktop, if _insert_convoluted_scenario_here_, however it should still be fixed.

    --
    My ism, it's full of beliefs.
  26. Re:If it's accessing your X server, it's elevated by benjymouse · · Score: 3, Informative

    I'm not familiar with writing apps for X, but are you saying that every program that displays a window in X can log all keystrokes including in windows that are not associated with that program?

    Yes. This isn't just X, by the way; it's a common design across most operating systems. Any client can register to receive keyboard and mouse input regardless of the current focus, unless another client has already "grabbed" the input device.

    Except in Windows. Since Vista user interface privilege isolation prevents unauthorized processes from grabbing keyboard/mouse events or sending messages to windows owned by another process, even if that process is running as the same user. To be allowed to grab keyboard/mouse, the process must have declared that intent in the manifest *and* it must have been launched from an installed location (program files or windows system). Furthermore, such hooking/messaging is also masked out at the intrinsic level by UAC - specifically by integrity levels. A lower integrity process is simply not allowed - manifest or not - to send messages or install keyboard/mouse hooks at a higher integrity level process.

    X is especially bad in this regard, as it does not even protect against shatter attacks and eavesdropping on windows from *another user's* processes. If you elevate to root - e.g. sudo from a terminal window - any other process can *still* eavesdrop on keyboard events.

    --
    Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
  27. Re:If it's accessing your X server, it's elevated by pop+ebp · · Score: 2

    But when you do actually press the Del key, the real password dialog appears, and it is on a secure desktop (the "Winlogon" desktop) that can't be manipulated by your rogue program. Your window would be seen only after the user entered their password once, which would look quite suspicious.