Bug 379 - xterm man page is misleading about "Secure Keyboard"
Summary: xterm man page is misleading about "Secure Keyboard"
Status: RESOLVED FIXED
Alias: None
Product: xorg
Classification: Unclassified
Component: App/xterm (show other bugs)
Version: unspecified
Hardware: All All
: medium normal
Assignee: Xorg Project Team
QA Contact:
URL: http://www.acm.vt.edu/~jmaxwell/progr...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-03-26 22:44 UTC by Alan Coopersmith
Modified: 2004-07-20 19:49 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
proposed warning text for manual page (927 bytes, patch)
2004-05-30 11:31 UTC, Adam Jackson 		no flags Details | Splinter Review
View All

Description Alan Coopersmith 2004-03-26 22:44:50 UTC 
The xterm man page includes a section on SECURITY which discusss "Secure
Keyboard" mode, which would make the reader think that xterm can protect
against sniffing the keyboard via the X protocol.  However, this is
misleading since grabKeyboard does not protect against all X-windows
keyboard sniffing techniques.  Refer to the listed website for a technique
(and source code) which can sniff xterms keyboard via keyboard polling
(using XKeycodeToKeysym) even when xterm's "Secure Keyboard" mode is
turned on.

[Originally reported to Sun as Sun bug id #4794364.]
Comment 1 Adam Jackson 2004-05-30 11:31:28 UTC 
Created attachment 337 [details] [review]
proposed warning text for manual page

Perhaps a warning in the man page isn't enough, and it shouldn't be called
"Secure Keyboard" mode anymore?  Paranoid Mode perhaps.
Comment 2 Joel Konkle-Parker 2004-06-09 02:37:06 UTC 
So... what do we have to do to get this committed and closed?
Comment 3 Adam Jackson 2004-06-25 22:34:51 UTC 
alan, any comments on this patch?  should we rename "secure keyboard" mode, or
just warn people in the man page?  i vote for the latter; let me know either
way, i'd like to get this closed.
Comment 4 Alan Coopersmith 2004-06-29 14:59:10 UTC 
The man page warning seems like enough.  My question about closing it is how are
we going to handle xterm?  Keep following Thomas Dickey's source?  If so, do we
want to fix this just in are tree and have to keep merging it forever or should
Thomas be approached about fixing in his master source as well?

If the option was to be renamed "Grab Keyboard" seems better than "Paranoid Mode"
Comment 5 Adam Jackson 2004-06-29 22:26:47 UTC 
I'm all about having other people maintain applications.  Particularly when that
application is xterm.  I'll shoot Tom an email about this bug, possibly
encourage him to host it on fd.o as its own project.

http://freedesktop.org/Software/ProposedAppsPackages lists xterm under the
"redundant" package, but i'd be just as happy to see it exist as a first-class
package.  Gentoo already packages xterm separately, I imagine other
distributions will do so as well once the modularisation effort is complete.
Comment 6 Adam Jackson 2004-07-10 05:06:36 UTC 
This is resolved in Dickey's source as of xterm-186.

As far as packaging goes I suggest we just follow his sources, since it's
actively maintained (186 was released 3 weeks after this bug was opened, with
another five releases between then and now) and there's no real reason to
duplicate effort here.

If no one has any objections, I'll close this.
Comment 7 Adam Jackson 2004-07-21 12:49:12 UTC 
closing, i don't see any reason to not follow dickey's sources.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.