Undermining XGrabKeyboard

Paulo Cesar Pereira de Andrade pcpa at mandriva.com.br
Tue Mar 4 09:18:39 PST 2008


Sebastian wrote:
> On Tue, 2008-03-04 at 08:27 -0800, Octavio Alvarez wrote:
>> In xorg.conf:
>>
>> Section "ServerFlags"
>>   Option "AllowDeactivateGrabs" "On"
>>   Option "AllowClosedownGrabs" "On"
>> EndSection
>>
>> This should allow you to release grabs with Ctrl+Alt+* and Ctrl+Alt+/.
>
> Hi,
>
> thanks, but this seems to work only if the grabbing application is
> "well-behaving" anyway. (i.e. has a working event processing loop)
>
> It fails when an application runs havoc like this cruft here:
> WARNING: It may lock up your windowing system for at least 6 seconds. I
> removed the event loop on purpose so that it has the safety net of
> returning after 6 seconds. 
>
> ***********************************************************
> ***********************************************************
> #include <X11/Xlib.h>
> #include <unistd.h>   /* sleep() */
> int main()
> {
>   Display *disp;
>   Window win;
>   XEvent e;
>   int screen;
>
>   disp=XOpenDisplay(NULL);
>   screen=DefaultScreen(disp);
>   win=XCreateSimpleWindow(disp, RootWindow(disp, screen), 10, 10, 100, 100, 1,
>                           BlackPixel(disp, screen), WhitePixel(disp, screen));
>
>   XSelectInput(disp, win, ExposureMask | KeyPressMask);
>   XMapWindow(disp, win);
>   XNextEvent(disp, &e);
>   /* Synchronous grab with no event loop afterwards (removed on purpose). */
>   XGrabKeyboard(disp, win, True, GrabModeSync, GrabModeSync, CurrentTime);
>   sleep(6);             /* safety net: the grab ends when the display closes */
>   XCloseDisplay(disp);
>   return 0;
> }

  The options AllowDeactivateGrabs and AllowClosedownGrabs were
added when Netscape and the first versions of Mozilla were the only
Linux/FreeBSD browsers, and linked with Motif, that was buggy as
hell, i.e. would grab keyboard/mouse/server and sit waiting for
events in another window/widget.

  Your sample could be done by some non-malicious program, but a
malicious program could do worse.

  Actually, I believe the original patch would not hang, but when
it was converted to be configurable by xkb it could have changed
behaviour.

  I wrote a patch for the Mandriva X Server that handles keyboard
events using SIGIO, like mouse events, and it will handle
Ctrl+Alt+Backspace specially, i.e. if the server is handling a
client request, it will kill the client, otherwise, if "waiting
for something" it will just exit the main loop; and the handling is
done in the signal handler, but currently only available for the kbd
driver.
  This patch was not done to handle malicious programs, but to
allow restarting the X Server, or possibly continue running,
if it did hang in an infinite loop, as it would kill the client
and siglongjmp to a "safe place".

Paulo



