question about security for CoreGraphics event taps




paddym
Sep 9, 2008, 11:24 AM
I was playing around with keyboard mappings and I stumbled upon some behavior that I didn't understand. I wrote it up on my blog at http://paddymullen.com/?p=46. I'm curious to understand the reasoning behind the API decisions made by Apple.



gnasher729
Sep 9, 2008, 12:02 PM
The system doesn't allow you to find out which keys are pressed when a password dialog is opened, because that would be a clear security violation (you would be able to detect the user's passwords and do all kinds of horrible things). And the user wouldn't notice, because there is no visible sign that you are reading these keys.

The system allows you to produce keys when a modifier key is pressed; this can interfere with the operation of the computer, but is no security risk. The user notices it; if it interferes with the operation of the computer, he or she will remove your software. So we would have to assume that this "insert key" behaviour is something that the user wanted, and if he wanted this behaviour in normal text entry, it seems reasonable that he wants it while entering a password as well.

iSee
Sep 9, 2008, 12:12 PM
I can only speculate on Apple's motives but...

I'd guess that kCGEventKeyUp/Down are protected while CGEventFlagsChanged is not because it didn't seem likely that a snooping program could derive any important information from watching only modifier keys.

Watching/logging general keystrokes, on the other hand, could yield all kinds of good stuff.

Sayer
Sep 9, 2008, 07:13 PM
IIRC password text fields get very special treatment down to the Kernel level in later Mac OS X.

You can not intercept key events entered into a password text field if your app is not the owner of the password text field.

Nice try tho.