Path: utzoo!censor!geac!jtsv16!uunet!cs.utexas.edu!tut.cis.ohio-state.edu!bloom-beacon!RAPTOR.CRAY.COM!bobo
From: bobo@RAPTOR.CRAY.COM (Bob Kierski)
Newsgroups: comp.windows.x
Subject: Peeping Toms
Message-ID: <8911101621.AA06861@cygnus.cray.com>
Date: 10 Nov 89 16:21:25 GMT
Organization: The Internet
Lines: 24


	Recently I wrote a program, "peeping_tom,"that demonstrates what I
would consider a potentially dangerous security problem with X11.  This
program simply selects KeyPress events from all of the active windows on a
display and prints LookupString value for each KeyPress event.  The true
danger comes when a user performs an action which requires a password
because peeping_tom will see every keystroke even if the user doesn't.

	I don't have any suggestions as to how this problem can be fixed.
I just thought I'd make you aware that the problem exists.


Have a day,

bobo

Bob Kierski
Cray Research, Inc.
1440 Northland Drive
Mendota Heights, MN 55120

Phone:  (612)681-3087
Fax:    (612)681-3099
Email:  bobo@cray.com