Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Windows "Secure Desktop", no equivalent in Linux?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
el muchacho
Tux's lil' helper
Tux's lil' helper


Joined: 26 Mar 2015
Posts: 78

PostPosted: Wed Jul 29, 2015 8:37 am    Post subject: Windows "Secure Desktop", no equivalent in Linux? Reply with quote

Hi,

Is this a serious security feature that lacks in the Linux world (not aware of this) ?

In Windows, the system can flip into a new Desktop mode whose handles/context run separately into the SYSTEM account, so that a normal user app cannot intercept/interfere with keys struck.

In a way it's a bit similar to how the Ctrl-Alt-Del sequence escapes from the normal signals that an app can deal with.

In the Linux/X world, i don't think this exists. It is well known that any app can capture keys you strike, for instance your password when running sudo in a terminal. Of course if you use sandboxes you can control some system calls, for instance ptrace, and prevent processes snooping on the rest of the system.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21490

PostPosted: Thu Jul 30, 2015 1:02 am    Post subject: Reply with quote

Keyboard grabs ensure that keystrokes are passed only to the application with the grab. XScreensaver does this. You can direct xterm to do this prior to entering sensitive passwords. Grabs are not normally used because most users like having keybindings for their window manager, and when the grab is in effect, the window manager keybindings do not work.
Back to top
View user's profile Send private message
Roman_Gruber
Advocate
Advocate


Joined: 03 Oct 2006
Posts: 3846
Location: Austro Bavaria

PostPosted: Thu Jul 30, 2015 9:44 am    Post subject: Reply with quote

Sorry I do not get your point!

If you do not trust the layers below you are out of luck.

And considering a windows a ssecure is total bullshit because its binary and from only one company.

And you only see it from the software side, you can compromise the hardware so the software layer above is not aware of it.


Micronacy in redmond can call anything secure and some will believe it but I highly doubt it.

and you may research the security topic regarding bios / firmware / binaries / harddrive exploits / and much much more ... and such and than you may realize why i stated my opinion above!
Back to top
View user's profile Send private message
keet
Guru
Guru


Joined: 09 Sep 2008
Posts: 565

PostPosted: Thu Jul 30, 2015 10:21 am    Post subject: Reply with quote

Hu wrote:
Keyboard grabs ensure that keystrokes are passed only to the application with the grab. XScreensaver does this. You can direct xterm to do this prior to entering sensitive passwords. Grabs are not normally used because most users like having keybindings for their window manager, and when the grab is in effect, the window manager keybindings do not work.


For the sake of argument, could there be a process that runs with root privileges (or some elevated daemon) that makes sure that input goes only to the window that has focus, and be configured to allow at least some keystrokes to be redirected or shared only to the window manager (or whatever handles hotkeys)? This sounds like what the window manager already does, except that now it is handled by an elevated process. I should probably read more about exactly how this works.

When it comes down to it, though, it sounds like you are still trusting (a) the program that you are typing into and (b) the window manager/operating system/whatever handles the software aspect of the keystrokes, and (c) the hardware that you are using to enter input.
Back to top
View user's profile Send private message
el muchacho
Tux's lil' helper
Tux's lil' helper


Joined: 26 Mar 2015
Posts: 78

PostPosted: Thu Jul 30, 2015 11:31 am    Post subject: Reply with quote

tw04l124 wrote:

And considering a windows a ssecure is total bullshit because its binary and from only one company.


My point is not about relauching an "is Linux more secure than Windows".

My point is:

- any XWindow process can intercept any keyboard input, including the sudo password you are typing in your console.

- if you need to input an Admin password in Windows, it does so by recreating a new Desktop object, that has different handles and a different security context, making it impossible to capture the keys being hit from your normal Desktop environment where you may have a malware trying to keylog everything.

So by default, this specific feature is, or at least seems (that's why I'm asking), more secure, now if you've got precise arguments and facts to bring to the topic on how XWindow can or cannot capture keyboard input like Hu did, you're welcome.
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1791

PostPosted: Thu Jul 30, 2015 1:58 pm    Post subject: Reply with quote

Quote:
- if you need to input an Admin password in Windows, it does so by recreating a new Desktop object, that has different handles and a different security context, making it impossible to capture the keys being hit from your normal Desktop environment where you may have a malware trying to keylog everything.


This part is incorrect, it's only on the software side (after the keys are decoded by the OS). It is not hard to monitor the hardware side directly and catch the keys entered before it gets to the OS/software layer completely without any restrictions. The issue about security is that it's fine when you are using it, but it needs to cover everything as a whole to be effective. It's like hanging a black blanket in front of a screen. Sure, you can't see through it, but that black blanket doesn't cover the sides or the back of the screen; allowing people to completely walk around it and bypass it. Also this security context isn't anything new, as it's been in windows for several versions and people bypass it all the time. All it is, is a fresh coat of paint over old code and saying "look, something shiny!".
Back to top
View user's profile Send private message
el muchacho
Tux's lil' helper
Tux's lil' helper


Joined: 26 Mar 2015
Posts: 78

PostPosted: Thu Jul 30, 2015 3:17 pm    Post subject: Reply with quote

ct85711 wrote:
It is not hard to monitor the hardware side directly and catch the keys entered before it gets to the OS/software layer completely without any restrictions.


As a non-admin ?
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 54098
Location: 56N 3W

PostPosted: Thu Jul 30, 2015 6:23 pm    Post subject: Reply with quote

el muchacho,

Google keylogger and TEMPEST for two things.
Its also possible to tell what you are typing by making an audio recording of your keystrokes.

There are several demonstrations of recovering data from RAM by rebooting with a USB key and making an image of all of RAM.
Passwords still in RAM have been identified. Its reported to work for several minutes after a machine has been poweread off.

That's without getting inside the hardware. Once an attacker has physical access to your hardware, they can do what they want.

Security is like the layers of an onion, its not imposible to break, it makes it more difficult. The idea being that the attacker will find a another target.
Of course, if its the NSA and they want your passwords, they won't do any of this. They will just send the boys round.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
el muchacho
Tux's lil' helper
Tux's lil' helper


Joined: 26 Mar 2015
Posts: 78

PostPosted: Thu Jul 30, 2015 9:51 pm    Post subject: Reply with quote

I'm aware of those, but that's not the point of my topic.
Back to top
View user's profile Send private message
Hu
Moderator
Moderator


Joined: 06 Mar 2007
Posts: 21490

PostPosted: Thu Jul 30, 2015 10:21 pm    Post subject: Reply with quote

The X server is responsible for reading the input from hardware and passing it to an application. The X server is not aware of the permissions of the individual programs, so there is no need for a key management process to run elevated. I am not aware of a way, using only existing tools and features, to implement a system that allows the window manager to monitor keystrokes and forbids all other unfocused programs from monitoring keystrokes. Such a system would be required to implement an equivalent to Windows' isolated desktop. In general, the solution on Linux has been that you should prevent untrusted programs from connecting to the X server at all, in which case they cannot monitor keystrokes. Under standard X server configurations, only processes with CAP_DAC_READ_SEARCH or running as the same user can access your X server authorization cookie. This provides good enough protection if you refrain from running untrusted programs under your user ID.
Back to top
View user's profile Send private message
baaann
Guru
Guru


Joined: 23 Jan 2006
Posts: 558
Location: uk

PostPosted: Thu Jul 30, 2015 11:49 pm    Post subject: Reply with quote

Hopefully I have understood correctly, but Martin Gräßlin appears to be addressing this in Kwin?
Back to top
View user's profile Send private message
ct85711
Veteran
Veteran


Joined: 27 Sep 2005
Posts: 1791

PostPosted: Fri Jul 31, 2015 12:45 am    Post subject: Reply with quote

Quote:
As a non-admin ?

How do you think keyloggers and other malware/viruses work? All of them doesn't care about what user you are, yet they affect systems right and left without a care in the world. There's been several times, as the windows guest account (which should be the most restrictive account), I was able to go in and change the admin's password. Windows is notorious for redirecting people's attention away from the glaring issues, and have people look at the nice and shiny. Sadly, they've mastered the phrase "Out of sight, out of mind" for normal people (aka mindless sheep) and ignore the people don't follow along (like all the hackers happy because they get free reins to do what they want).
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum