Undermining XGrabKeyboard

Paulo Cesar Pereira de Andrade pcpa at mandriva.com.br
Tue Mar 4 09:18:39 PST 2008

Sebastian wrote:
> On Tue, 2008-03-04 at 08:27 -0800, Octavio Alvarez wrote:
>> In xorg.conf:
>> Section "ServerFlags"
>>   Option "AllowDeactivateGrabs" "On"
>>   Option "AllowClosedownGrabs" "On"
>> EndSection
>> This should allow you to release grabs with Ctrl+Alt+* and Ctrl+Alt+/.
> Hi,
> thanks, but this seems to work only if the grabbing application is
> "well-behaving" anyway. (i.e. has working event processing loop)
> It fails when an application runs havoc like this cruft here:
> WARNING: It may lock up your windowing system for at least 6 seconds. I
> removed the event loop on purpose so that it has the safety net of
> returning after 6 seconds. 
> ***********************************************************
> ***********************************************************
> #include <X11/Xlib.h>
> #include <unistd.h>
> int main() 
> {
>   Display *disp;
>   Window win;
>   XEvent e;
>   int screen; 
>   disp=XOpenDisplay(NULL);
>   screen=DefaultScreen(disp);
>   win=XCreateSimpleWindow(disp, RootWindow(disp, screen), 10, 10, 100,
> 100, 1, BlackPixel(disp, screen), WhitePixel(disp, screen));
>   XSelectInput(disp, win, ExposureMask | KeyPressMask);
>   XMapWindow(disp, win);
>   XNextEvent(disp, &e);
>   XGrabKeyboard(disp, win, True, GrabModeSync, GrabModeSync,
> CurrentTime);
>   sleep(6);
>   XCloseDisplay(disp);
>   return 0;
> }
  The options AllowDeactivateGrabs and AllowClosedownGrabs were
added when netscape and first versions of mozilla were the only
Linux/FreeBSD browsers, and linked with motif, that was buggy as
hell, i.e. would grab keyboard/mouse/server and sit waiting for
events in another window/widget.

  Your sample could be done by some non-malicious program, but a
malicious program could do worse.

  Actually, I believe the original patch would not hang, but when
it was converted to be configurable by xkb it could have changed

  I wrote a patch for the Mandriva X Server that handles keyboard
events using sigio, like mouse events, and it will handle
Ctrl+Alt+Backspace specially, i.e. if the server is handling a
client request, it will kill the client, otherwise, if "waiting
for something" it will just exit the main loop; and the handling is
done in the signal handler, but currently only available for the kbd
  This patch was not done to handle malicious programs, but to
allow restarting the X Server, or possibly continue running,
if it did hang in an infinite loop, as it would kill the client
and siglongjmp to a "safe place".
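
The recovery logic described in the message above, as an added sketch that is not part of the original post and is not the Mandriva patch: a signal handler drops a hung client by jumping back to a safe place with siglongjmp, or just ends the main loop when the server is idle. Every name is hypothetical, SIGALRM stands in for the keyboard SIGIO, and the hung request is a constructed spin loop.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <unistd.h>

/* All names are hypothetical. SIGALRM stands in for the SIGIO that a
   Ctrl+Alt+Backspace key press would raise in the patched server. */
static sigjmp_buf safe_place;
static volatile sig_atomic_t in_request; /* 1 while serving a client */
static volatile sig_atomic_t exit_loop;  /* 1 once the loop must end */

static void on_zap(int sig)
{
    (void)sig;
    if (in_request)
        siglongjmp(safe_place, 1); /* abandon the stuck request */
    exit_loop = 1;                 /* idle: just leave the main loop */
}

/* The first `hung` requests never return; result = clients dropped. */
int run_server(int hung)
{
    volatile int killed = 0, remaining = hung;
    struct sigaction sa = { .sa_handler = on_zap };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
    exit_loop = 0;
    if (sigsetjmp(safe_place, 1)) { /* 1: restore the signal mask too */
        in_request = 0;
        killed++; /* a real server would close the client here */
    }
    while (!exit_loop) {
        alarm(1); /* simulated key press, one second from now */
        if (remaining > 0) {
            remaining--;
            in_request = 1;
            while (in_request) /* constructed hang: spins forever */
                ;
        }
        pause(); /* "waiting for something" */
    }
    return killed;
}

int main(void)
{
    printf("clients dropped: %d\n", run_server(2));
    return 0;
}
```

The locals are volatile because they change between sigsetjmp and siglongjmp; without that their values after the jump are indeterminate.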

