[Konsole-devel] [Bug 68742] Information leak of keystrokes.
Dirk Mueller
mueller at kde.org
Fri Nov 21 17:38:20 UTC 2003
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
http://bugs.kde.org/show_bug.cgi?id=68742
------- Additional Comments From mueller at kde.org 2003-11-21 18:38 -------
The problem is that once you have the root privileges necessary
to read /proc/kcore you don't have to rely on something as unreliably
as reading the kernel memory. You can just replace the /usr/bin/ssh
binary with a version that writes your entered password to a hidden
logfile.
such backdoor patches to ssh are commonly available on the web. There
are even patches to /bin/bash that will log every keystroke you make.
More information about the konsole-devel
mailing list