Ubuntu OnBoard (on screen keyboard) & P/words

Discussion in 'all things UNIX' started by Ocky, Dec 12, 2008.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    A general query. In Windows XP using the built in osk is useless when entering passwords etc.
    because it uses the same system API as the keyboard input.

    What about Ubuntu's OnBoard on screen keyboard - would it provide at least
    a modicum of protection against keyloggers ? Or am I paranoid as keyloggers
    would require root password in order to execute ?
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    You can check. Use strace to trace an application that requires a keyboard. Like some login or something. Do it once while using the real keyboard and once using the virtual one and see if there's any difference in system calls :)
    Mrk
     
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Never used strace - I think to interpret the output would need something
    like your LPIC-1. I tried with gedit, simply entering strace gedit in the
    terminal and then using first onboard to enter some numbers, and then
    the normal keybrd. This is about 1% of the output (onboard first).

    close(3) = 0
    access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
    open("/usr/lib/libtasn1.so.3", O_RDONLY) = 3
    read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\21"..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0644, st_size=61596, ...}) = 0
    mmap2(NULL, 64900, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6bb3000
    mmap2(0xb6bc2000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe) = 0xb6bc2000
    close(3) = 0
    access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
    open("/lib/libgcrypt.so.11", O_RDONLY) = 3
    read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0PD\0\000"..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0644, st_size=310956, ...}) = 0
    mmap2(NULL, 314504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6b66000

    ETC..ETC
    ***********

    access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
    open("/usr/lib/libtasn1.so.3", O_RDONLY) = 3
    read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\21"..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0644, st_size=61596, ...}) = 0
    mmap2(NULL, 64900, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6c67000
    mmap2(0xb6c76000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe) = 0xb6c76000
    close(3) = 0
    access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
    open("/lib/libgcrypt.so.11", O_RDONLY) = 3
    read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0PD\0\000"..., 512) = 512
    fstat64(3, {st_mode=S_IFREG|0644, st_size=310956, ...}) = 0
    mmap2(NULL, 314504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6c1a000

    ETC..ETC

    What am I doing wrong here ?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Save the two to files (-o output-file).
    Then use diff to compare. See if anything comes up.

    And reading strace takes more than lpic ... :) it takes knowing the kernel and interpretting the calls and such.

    Mrk
     
  5. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    ~$ diff -q strace.output strace.output2
    Files strace.output and strace.output2 differ
    ~$

    Thank you Mrk. I saw there is a '-q' option to diff, so I used that
    rather than going through all the lines to find differences. (I did notice
    mmap2 codes for instance that differed).

    Anyway seeing that there are different system calls when using onboard virtual
    keyboard and the normal keyboard, would you say that using onboard might
    be a little 'safer' against keyloggers - or could keyloggers not run unless
    executed by entering the root password ?

    Regards.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hi,

    system call = kernel = root password.

    Therefore, a keylogger cannot work in the user space and hook the keyboard. So as long as you do not intentionally install badware, there's no reason for you to fear your keyboard.

    And the best part, you've learned the power of strace :) At least, you've whetted your appetite for true linux fun ... the beginning thereof.

    Mrk
     
  7. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Many thanks for the lesson ! Great to have you here @ Wilders !
     
Loading...
Thread Status:
Not open for further replies.