On Fri, 26 Apr 2024, Tim via users wrote:
Tim: (re xeyes)
My guess would be that something monitoring mouse movements when those
mouse movements could be related to another app is considered insecure.
Well, *I* would consider it insecure if any app could see what I was
doing with the mouse at any time.
Michael Hennebry:
Not obvious.
Presumably most GUIs would need to monitor the mouse.
Presumably most GUIs would be started by the owner of the mouse.
If xeyes is not allowed, presumably gnome-screenshot --include-pointer
is not allowed either.
Is it?
If the issue is looking outside one's window,
presumably gnome-screenshot is not allowed at all.
I'm thinking more in principle than specifics... If xeyes could do it,
so could something else, so one might forbid the practice in general.
I got that.
If a nefarious program can impersonate the mouse owner,
said owner already has problems.
I suppose the same would apply to keyboard owners.
It's one thing to observe the mouse has moved, to nudge the screensaver
timer, for instance. But it's another thing to track the movements
precisely.
Does wayland allow it?
Tangentially related, nefarious keylogging springs to mind. If only
one thing at a time could monitor what you type, and nothing else could
pretend to be a keyboard and pass them through, software key loggers
would be harder to implement. Your key entries only going into what
you intend them to. Something that tried to intercept them would
apparently stop the keyboard from working - your typing wouldn't appear
where you expected it to, as you typed.
Of course that would break global hotkeys, and on-screen keyboards.
Ideas about security always seem to mess up something else. SELinux is
like that.
--
Michael henne...@mail.cs.ndsu.nodak.edu
"SCSI is NOT magic. There are *fundamental technical
reasons* why it is necessary to sacrifice a young
goat to your SCSI chain now and then." -- John Woods
--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
