ubuntu-x-swat team mailing list archive

Thread
Date

[Bug 800172] Re: Application keylogger vulunerability in Xserver

To: ubuntu-x-swat@xxxxxxxxxxxxxxxxxxx
From: Sergiu <800172@xxxxxxxxxxxxxxxxxx>
Date: Mon, 11 Jul 2011 13:03:45 -0000
Reply-to: Bug 800172 <800172@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Closing this is wrong. Upstream is responsible for making Xorg work, not
for delivering a reasonably secure desktop experience, that is the job
of the distribution maintainers. Upstream is just saying use SElinux,
that is not the best way to do this, keylogging is trivial under the
current setup, Windows / OSX do not suffer from this. Under Xorg it is
possible to write a one-line command line that captures input and posts
it to a web server.

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xserver-xorg-input-evdev in Ubuntu.
https://bugs.launchpad.net/bugs/800172

Title:
  Application keylogger vulunerability in Xserver

To manage notifications about this bug go to:
https://bugs.launchpad.net/wayland/+bug/800172/+subscriptions

References

[Bug 800172] [NEW] Application keylogger vulunerability in Xserver
From: Mark, 2011-06-21