guysoft
chromium keyboard shortcuts pose security risk to kiosk while in public areas
What were you doing?
Chromium Keyboard shortcuts are still active while in kiosk mode. New windows and tabs can be opened which poses a security risk, allowing a public user to tamper with Chromium. Tried using xmodmap to disable CTRL ALT keys but the setting does not apply to Chromium. Even tried using an extension to modify keyboard shortcuts, was able to disable or reroute most of them but there was still a way to open a new window CTRL+SHIFT+N. Not sure if this is an issue with FullPageOS, seems more a chromium issue, but since this is a kiosk project, the availability of keyboard shortcuts and inability to manage them properly to secure the kiosk kind of defeats the purpose.
What did you expect to happen?
What happened instead?
Was there an error message displayed? What did it say?
Version of FullPageOS?
0.8.1 [Can be found in /etc/fullpageos_version ALWAYS INCLUDE.]
Screenshot(s) showing the problem:
[If applicable. Always include if unsure or reporting UI issues.]
I can add this as a feature of ita avilable in chromium, preferably as a commandline flag
I managed to reroute the shortcuts that could open new tabs, including history, downloads, print window, bookmarks, bookmark bar. The only shortcut I left available was ctrl+w and ctrl+shift+q because that can be useful for troubleshooting. The extension I used is shortkey, although the extension itself proved useless for disabling shortcuts, it did enable chromiums built in keyboard shortcut manager, which I used to reroute the commands. So far from what ive seen chromium does not support disabling of shortcuts.
From: Guy Sheffer [email protected] Sent: Wednesday, November 21, 2018 10:53 AM To: guysoft/FullPageOS [email protected] Cc: Brakatselos, George [email protected]; Author [email protected] Subject: Re: [guysoft/FullPageOS] chromium keyboard shortcuts pose security risk to kiosk while in public areas (#264)
Attention: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.
I can add this as a feature of ita avilable in chromium, preferably as a commandline flag
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/guysoft/FullPageOS/issues/264#issuecomment-440715678, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArFv41dhHZTPq95m8t4RJquirMA6OHz2ks5uxXbygaJpZM4YtS-L.
@gbrakcounty
Do not use standard keyboards in public areas - Modify the existing keyboard or buy one made for public usage (kiosk type).
https://www.aliexpress.com/store/product/Custom-40-keys-IP65-fully-sealed-USB-PS2-RS232-interface-metal-keypad-keyboard-with-numbers-letters/1360552_32319513912.html?spm=2114.12010612.8148356.21.79aa519epmkg9b
Oh ok good to know thanks. I disabled pretty much all shortcuts that can access the file explorer or any settings. Also found out I had to disable the sysreq key. Thanks!
Get Outlook for Androidhttps://aka.ms/ghei36
From: bcherup [email protected] Sent: Saturday, December 15, 2018 10:08:26 AM To: guysoft/FullPageOS Cc: Brakatselos, George; Mention Subject: Re: [guysoft/FullPageOS] chromium keyboard shortcuts pose security risk to kiosk while in public areas (#264)
Attention: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.
@gbrakcountyhttps://github.com/gbrakcounty
Do not use standard keyboards in public areas - Modify the existing keyboard or buy one made for public usage (kiosk type).
https://www.aliexpress.com/store/product/Custom-40-keys-IP65-fully-sealed-USB-PS2-RS232-interface-metal-keypad-keyboard-with-numbers-letters/1360552_32319513912.html?spm=2114.12010612.8148356.21.79aa519epmkg9b
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/guysoft/FullPageOS/issues/264#issuecomment-447575042, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ArFv49alk4MC6pNj7h4sgztlW13AH5d3ks5u5RBqgaJpZM4YtS-L.
You can also buy a 4 dollar keyboard from Microcenter (Inland brand) and shave off the key inserts then epoxy it back together.
On Mon, Dec 17, 2018 at 8:37 AM gbrakcounty [email protected] wrote:
Oh ok good to know thanks. I disabled pretty much all shortcuts that can access the file explorer or any settings. Also found out I had to disable the sysreq key. Thanks!
Get Outlook for Androidhttps://aka.ms/ghei36
From: bcherup [email protected] Sent: Saturday, December 15, 2018 10:08:26 AM To: guysoft/FullPageOS Cc: Brakatselos, George; Mention Subject: Re: [guysoft/FullPageOS] chromium keyboard shortcuts pose security risk to kiosk while in public areas (#264)
Attention: This email came from an external source. Do not open attachments or click on links from unknown senders or unexpected emails.
@gbrakcountyhttps://github.com/gbrakcounty
Do not use standard keyboards in public areas - Modify the existing keyboard or buy one made for public usage (kiosk type).
https://www.aliexpress.com/store/product/Custom-40-keys-IP65-fully-sealed-USB-PS2-RS232-interface-metal-keypad-keyboard-with-numbers-letters/1360552_32319513912.html?spm=2114.12010612.8148356.21.79aa519epmkg9b
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub< https://github.com/guysoft/FullPageOS/issues/264#issuecomment-447575042>, or mute the thread< https://github.com/notifications/unsubscribe-auth/ArFv49alk4MC6pNj7h4sgztlW13AH5d3ks5u5RBqgaJpZM4YtS-L
.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/guysoft/FullPageOS/issues/264#issuecomment-447847944, or mute the thread https://github.com/notifications/unsubscribe-auth/AWkIry-aZ3r2xEbEal0nQQHeknbDYijoks5u554RgaJpZM4YtS-L .
