Исходное сообщение
"Сравнение производительности игр при использовании Wayland и..." Отправлено llolik, 31-Дек-21 21:35
> Ну раз так просишь Опять в трёхстотый раз эта репа. Через LD_PRELOAD можно хоть монольский йенг на каждом (своём) окне рисовать, хоть ввод грабить (в нём же). Как дисплейный протокол и сервер может бороться с code injection (ну без SELinux и прочих извратов)? Собственно, цитируем Дрюсика https://drewdevault.com/2019/02/10/Wayland-misconceptions-de... > There is an unfortunate GitHub project called “Wayland keylogger” whose mode of operation is using LD_PRELOAD to intercept calls to the libwayland shared library and record keypresses from it. The problem with this “critique” is stated in the README.md file, though most don’t read past the title of the repository. Wayland is only one part of an otherwise secure system. Using LD_PRELOAD is effectively equivalent to rewriting client programs to log keys themselves, and any program which is in a position to do this has already won. If I rephrased this as “Wayland can be keylogged, assuming the attacker can sneak some evil code into your .bashrc”, the obviousness of this truth should become immediately apparent. Some people have also told me that they can log keys by opening /dev/input/* files and reading input events. They’re right! Try it yourself: sudo libinput debug-events. The catch should also be immediately obvious: ask yourself why this needs to be run with sudo.

Ваше сообщение
Имя*:
EMail:	Для отправки ответов на email укажите знак ! перед адресом, например, !user@host.ru (!! - не показывать email). Более тонкая настройка отправки ответов производится в профиле зарегистрированного участника форума.
Заголовок*:
Сообщение*:	>> Ну раз так просишь > Опять в трёхстотый раз эта репа. Через LD_PRELOAD можно хоть монольский йенг > на каждом (своём) окне рисовать, хоть ввод грабить (в нём же). > Как дисплейный протокол и сервер может бороться с code injection (ну > без SELinux и прочих извратов)? > Собственно, цитируем Дрюсика > https://drewdevault.com/2019/02/10/Wayland-misconceptions-debunked.html >> There is an unfortunate GitHub project called “Wayland keylogger” whose mode of operation is using LD_PRELOAD to intercept calls to the libwayland shared library and record keypresses from it. The problem with this “critique” is stated in the README.md file, though most don’t read past the title of the repository. Wayland is only one part of an otherwise secure system. Using LD_PRELOAD is effectively equivalent to rewriting client programs to log keys themselves, and any program which is in a position to do this has already won. If I rephrased this as “Wayland can be keylogged, assuming the attacker can sneak some evil code into your .bashrc”, the obviousness of this truth should become immediately apparent. Some people have also told me that they can log keys by opening /dev/input/* files and reading input events. They’re right! Try it yourself: sudo libinput debug-events. The catch should also be immediately obvious: ask yourself why this needs to be run with sudo.
	Введите код, изображенный на картинке: