Linux security (was Re: [clug] Witty worm a wake up call)

mbp at mbp at
Mon Jun 7 11:13:56 GMT 2004

On  7 Jun 2004, Tony and Robyn Lewis <beakysnugger at> wrote:

> 1. how easy is it to keylog in Linux, assuming privileges of the user
> you're trying to log?

Fairly easy.  X applications can generally catch all input going to
another window.  Some things like ssh-askpass-gnome disable this and
the 'secure input' option on xterm does it too, but a smart attacker
could get around them.

> 2. how easy would it be to rigorously test to see if you're being
> sniffed?  Could you reasonably expect to see, say, how many processes
> get your keystrokes (e.g. X -> shell -> some app), and then have a good
> indicator as to if you're being sniffed?

It's impossible to know for sure if an attacker has root on the
machine, unless you boot from known-good media.  chkrootkit may help.

See e.g.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :

More information about the linux mailing list