dix: Opt-in keyboard isolation from unfocused windows. #1751
Conversation
Reduce the number of total workflows, so the list isn't so crowded. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Signed-off-by: artist <artist@artixlinux.org>
Signed-off-by: 9olaris <251053665+9olaris@users.noreply.github.com>
Use the new macros to make request struct parsing / field swapping much easier. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Use the new macros to make request struct parsing / field swapping much easier. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Use the new macros to make request struct parsing / field swapping much easier. Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Signed-off-by: callmetango <callmetango@users.noreply.github.com>
|
Sorry if I'm very wrong because of my limited knowledge, but isn't this already achieved (or in progress to be achieved) with Xnamespaces ? Check the documentation here #551 and https://github.com/KendricksLCamille/xserver/blob/master/doc/Xnamespace.md I also remember seeing a screenshot somewhere, but I wasn't able to find it anymore showcasing that keylogging doesn't work across namespaces. |
@Winnetou17 Yeah, I've seen that, but it seems to be pretty complicated. As far as I understand, to isolate application, I need to generate a token and launch it with this token (e.g. I may be wrong, so... explanations and criticism are welcome. |
|
Laugh if you all want, but I can't figure out how to use the option value after parsing, instead of hardcoded value. diff --git a/hw/xfree86/common/xf86Config.c b/hw/xfree86/common/xf86Config.c
index 0a2e3a745..fce7d6ff1 100644
--- a/hw/xfree86/common/xf86Config.c
+++ b/hw/xfree86/common/xf86Config.c
@@ -657,6 +657,7 @@ typedef enum {
FLAG_IGLX,
FLAG_DEBUG,
FLAG_ALLOW_BYTE_SWAPPED_CLIENTS,
+ FLAG_ISOLATE_KEYBOARD,
} FlagValues;
/**
@@ -718,6 +719,8 @@ static OptionInfoRec FlagOptions[] = {
{0}, FALSE},
{FLAG_ALLOW_BYTE_SWAPPED_CLIENTS, "AllowByteSwappedClients", OPTV_BOOLEAN,
{0}, FALSE},
+ {FLAG_ISOLATE_KEYBOARD, "IsolateKeyboard", OPTV_BOOLEAN,
+ {0}, FALSE},
{-1, NULL, OPTV_NONE,
{0}, FALSE},
};
@@ -754,6 +757,8 @@ configServerFlags(XF86ConfFlagsPtr flagsconf, XF86OptionPtr layoutopts)
xf86GetOptValBool(FlagOptions, FLAG_DONTZAP, &xf86Info.dontZap);
xf86GetOptValBool(FlagOptions, FLAG_DONTZOOM, &xf86Info.dontZoom);
+ xf86GetOptValBool(FlagOptions, FLAG_ISOLATE_KEYBOARD, &xf86Info.isolateKeyboard);
+
xf86GetOptValBool(FlagOptions, FLAG_IGNORE_ABI, &xf86Info.ignoreABI);
if (xf86Info.ignoreABI) {
LogMessageVerb(X_CONFIG, 1, "Ignoring ABI Version\n");
diff --git a/hw/xfree86/common/xf86Globals.c b/hw/xfree86/common/xf86Globals.c
index 58e20dcde..4d1726a9c 100644
--- a/hw/xfree86/common/xf86Globals.c
+++ b/hw/xfree86/common/xf86Globals.c
@@ -131,6 +131,7 @@ xf86InfoRec xf86Info = {
.autoAddGPU = FALSE,
#endif
.autoBindGPU = TRUE,
+ .isolateKeyboard = FALSE,
};
const char *xf86ConfigFile = NULL;
diff --git a/hw/xfree86/common/xf86Privstr.h b/hw/xfree86/common/xf86Privstr.h
index 5a1db5d1c..f1aafa515 100644
--- a/hw/xfree86/common/xf86Privstr.h
+++ b/hw/xfree86/common/xf86Privstr.h
@@ -94,6 +94,8 @@ typedef struct {
Bool autoAddGPU;
const char *debug;
Bool autoBindGPU;
+
+ Bool isolateKeyboard;
} xf86InfoRec, *xf86InfoPtr;
/* ISC's cc can't handle ~ of UL constants, so explicitly type cast them. */
diff --git a/hw/xfree86/parser/Flags.c b/hw/xfree86/parser/Flags.c
index 362028358..ae52faef5 100644
--- a/hw/xfree86/parser/Flags.c
+++ b/hw/xfree86/parser/Flags.c
@@ -80,6 +80,7 @@ static const xf86ConfigSymTabRec ServerFlagsTab[] = {
{SUSPENDTIME, "suspendtime"},
{OFFTIME, "offtime"},
{DEFAULTLAYOUT, "defaultserverlayout"},
+ {ISOLATEKEYBOARD, "isolatekeyboard"},
{-1, ""},
};
@@ -127,6 +128,7 @@ xf86parseFlagsSection(XF86ConfFlagsPtr ptr)
case DISABLEMODINDEV:
case MODINDEVALLOWNONLOCAL:
case ALLOWMOUSEOPENFAIL:
+ case ISOLATEKEYBOARD:
{
int i = 0;
diff --git a/hw/xfree86/parser/xf86tokens.h b/hw/xfree86/parser/xf86tokens.h
index 087f707b4..347fc73b1 100644
--- a/hw/xfree86/parser/xf86tokens.h
+++ b/hw/xfree86/parser/xf86tokens.h
@@ -107,6 +107,7 @@ typedef enum {
SUSPENDTIME,
OFFTIME,
DEFAULTLAYOUT,
+ ISOLATEKEYBOARD,
/* Monitor tokens */
MODEL,
As far as I understand, it can see this option and able to parse its value, because options that do not exist in XLibre are not visible in log at all. But I can't use this value in Help is appreciated... |
|
Well, I figured out, it works as it should, so in case with xf86GetOptValBool(FlagOptions, FLAG_ISOLATE_KEYBOARD, &xf86Info.isolateKeyboard);
isolateKeyboard = xf86Info.isolateKeyboard; |
|
Video demonstration of results I achieved with this is here. With off.mp4With on.mp4@metux any thoughts on this? I wonder what I can improve and how, since I'm not very well knowledged in X server development. |
|
Question: does alt-tab works to switch focus? |
Yes, you can see it in his 2nd example video at 0:49, he's presumably switching through alt-tab. |
@Gabrielcarvfer yeah, sure. 2025-12-29_14-40-43.mp4I mentioned that in first comment:
Everything that relies on passive grabbing works. |
itz-me-zappex
force-pushed
the
isolate-keyboard
branch
from
766641b to
9ef3efe
Compare
|
I think this is ready. |
itz-me-zappex
force-pushed
the
isolate-keyboard
branch
from
9ef3efe to
0ceec3a
Compare
|
No, it is not. I noticed that it prevents raw mouse input in Wine/Proton games, so it is impossible to move camera in shooters, but games that don't rely on this work fine, e.g. RTS, this is why I did not notice that before. I will allow mouse events in |
itz-me-zappex
force-pushed
the
isolate-keyboard
branch
from
0ceec3a to
28f18f4
Compare
|
Fixed, now What I have now with
Is there anyone else who could test this? Maybe there is DE/WM that behaves weird with this option turned on? Also I'd like to see whether it is possible to bypass this keyboard isolation with tricky keylogger or not. Except ones that listen |
|
Merge Conflict found |
It is patch 1/3 of a series that makes adding GPU screens more controllable. If SingleDriver option is set to "on", then only the first successfully probed driver adds non-GPU screens, others may add secondary GPU screens only. Fixes github.com//issues/1669 Signed-off-by: Oleh Nykyforchyn <oleh.nyk@gmail.com>
|
Nice force push. I will duplicate my question here. c79f376: @metux Should not it also be included in |
itz-me-zappex
force-pushed
the
isolate-keyboard
branch
from
28f18f4 to
8a9a14a
Compare
|
Rebased on top of master branch, signed-off-by check fails for unknown reason, also I included |
itz-me-zappex
force-pushed
the
isolate-keyboard
branch
from
4a40fa0 to
47d4b5f
Compare
itz-me-zappex
force-pushed
the
isolate-keyboard
branch
from
47d4b5f to
32050ed
Compare
Adds "IsolateKeyboard" option to "ServerFlags" section. If enabled: Disallows raw keyboard events and prevents keyboard input events to unfocused windows and clients without window to prevent keylogging. If disabled: Follows default X behavior. Signed-off-by: itz-me-zappex <85901674+itz-me-zappex@users.noreply.github.com>
|
This is me tried to fix commit history here after syncing to master branch. Failed successfully. Well, I will keep them then. |
8 participants
In case you all interested in isolating keyboard from keyloggers and unfocused windows (as that is done in Wayland), we could implement this in X server. My idea is that we could provide
IsolateKeyboardoption (or whatever name fits it) toxorg.confso everybody who interested in hardening their systems can enable this feature. Like this:Option "IsolateKeyboard" "true".This is just testing, and you guys know better where and how that should be implemented, there is just variable with hardcoded
true(should be set inxorg.confas option) and changes I did to achieve proper behavior.After some tinkering I found out that keyloggers may listen raw input while applications do not listen those (at least I did not find any). So I decided to not handle these events if
IsolateKeyboardistrue. More details in commented lines. As a result, CLI tools which listen raw input just do not see any input. Test:xinput test <keyboard>.Also it seems that
DeliverOneEvent()is used to deliver input-related events to clients, so I added filter that denies keyboard-related events in case those are requested by an unfocused window or even CLI tool ifIsolateKeyboardistrue. As a result, applications see input when those are focused, while CLI tools likexinputcan see only pointer motion events andpresses on Super button(only FocusIn and FocusOut, it does not see any key press). Test:xinput test-xi2 --root.I can't do these checks in
TryClientEvents()(which is executed before sending event to client and all checks should be done there) as there is no way to get information about whether window we want to send event is focused or not.I did not touch passive grab, so that DE/WM and apps (like OBS) can handle keyboard properly without being focused. As far as I understand, passive grab does not allow listen input and just waits until X server will tell to application that expected keybinding is pressed. Right?
Total (from my testing):
Broken:
xinput test <keyboard>) or XI2 input (test:xinput test-xi2 --root). Those do not have a window, so those can't be focused, so those will not get any event.Works: