Opened 2 years ago

Closed 14 months ago

#22950 closed enhancement (wontfix)

Filter out X11 root window property queries.

Reported by: yawning
Owned by: yawning
Priority: Medium
Milestone:
Component: Archived/Tor Browser Sandbox
Version:
Severity: Normal
Keywords: sandbox-fingerprinting
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

There's a whole host of X11 root window properties that leak various bits of information about the host system. These should be filtered out, and now can be because the sandbox has an X11 proxy that can do protocol inspection and response rewriting.
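As an added illustration of the "protocol inspection and response rewriting" the description refers to (this is not code from the sandbox's actual X11 proxy), the following sketch decodes an X11 GetProperty request and, when it targets a denied property on the root window, answers the client with a synthetic "property does not exist" reply instead of forwarding the request. Assumptions: the client negotiated little-endian byte order, the denylist is a hypothetical one containing only the predefined RESOURCE_MANAGER atom (23, which carries Xrdb/Xft settings such as DPI and font choices), and the root window id and sequence number are supplied by the surrounding proxy; atoms interned at runtime (e.g. _NET_* names) would have to be learned from InternAtom traffic, which is not shown.

```python
import struct

X_GET_PROPERTY = 20          # core protocol opcode for GetProperty
XA_RESOURCE_MANAGER = 23     # predefined atom; leaks DPI, fonts, colour scheme

# Hypothetical policy: root-window properties whose contents are hidden.
DENIED_ROOT_PROPERTIES = {XA_RESOURCE_MANAGER}


def parse_get_property(req: bytes):
    """Decode a little-endian GetProperty request (always 24 bytes).

    Layout: opcode(1) delete(1) length(2)=6 window(4) property(4)
            type(4) long-offset(4) long-length(4).
    Returns None if the bytes are not a well-formed GetProperty request.
    """
    if len(req) < 24 or req[0] != X_GET_PROPERTY:
        return None
    _, delete, length = struct.unpack_from("<BBH", req, 0)
    if length != 6:
        return None
    window, prop, ptype, off, cnt = struct.unpack_from("<IIIII", req, 4)
    return {"delete": bool(delete), "window": window, "property": prop,
            "type": ptype, "long_offset": off, "long_length": cnt}


def empty_property_reply(seq: int) -> bytes:
    """Build the 32-byte reply a server sends for a non-existent property.

    Layout: reply(1)=1 format(1)=0 sequence(2) reply-length(4)=0
            type(4)=None bytes-after(4)=0 value-length(4)=0 unused(12).
    """
    return struct.pack("<BBHIIII", 1, 0, seq & 0xFFFF, 0, 0, 0, 0) + bytes(12)


def filter_request(req: bytes, root_window: int, seq: int):
    """Return (forward_to_server, synthetic_reply_or_None).

    Only GetProperty on the root window for a denied atom is intercepted;
    everything else passes through untouched.
    """
    parsed = parse_get_property(req)
    if parsed is None:
        return True, None
    if parsed["window"] == root_window and parsed["property"] in DENIED_ROOT_PROPERTIES:
        return False, empty_property_reply(seq)
    return True, None
```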

Child Tickets

Change History (3)

comment:1 Changed 2 years ago by yawning

Keywords: sandbox-fingerprinting added

The immediate solution for this is "Use Xephyr", so people that wish to avoid this have options already since that's supported and relatively well tested. I am inclined to think that plugging all of the X11 related information disclosure issues is futile by virtue of the protocol design without basically implementing a full-fledged X server.

comment:2 Changed 2 years ago by cypherpunks

The problem with Xephyr is that you need to also use a MAC or chroot to prevent the process from accessing the root X11 cookie, which is not as easy as running Xephyr. It's certainly doable, but how many people are going to do it?

I think a better idea is to use XGrabKeyboard() in Tor Browser, which will prevent other applications from snooping on passwords being typed into the browser. See https://tronche.com/gui/x/xlib/input/XGrabKeyboard.html. Many security-critical programs do this, like OpenSSH and GnuPG. We should think of doing it here, too.

(Edit) Oops, just found out from http://seclists.org/bugtraq/2005/Jun/3 that this interface is often misused, and XQueryKeymap() can bypass keyboard grabs. Not sure if this can be disabled from an application.

Last edited 2 years ago by cypherpunks

comment:3 Changed 14 months ago by yawning

Resolution: wontfix
Status: new → closed

This project is deprecated, and none of these will ever be fixed.
