
How to pause to avoid capturing passwords?

Open MatthieuStigler opened this issue 5 years ago • 9 comments

Hi

I would like to avoid capturing my passwords in the logfile. One strategy would be to pause logkeys for a bit. Have you considered adding a -pause option? Or do you have any script to recommend to stop, wait a bit and restart (using the previously selected device, possibly manually inputted)?

Thanks!

MatthieuStigler avatar May 14 '20 19:05 MatthieuStigler

What happens if you killall -STOP logkeys and killall -CONT logkeys afterwards? Does it get the events it missed?

kernc avatar May 14 '20 19:05 kernc

Thanks for your quick answer!

This is a good idea, although the issue is that I start logkeys with sudo, so to killall I also need sudo, so the sudo password will be stored in the logfile (making it extremely easy to detect for someone who could have access to the log file).

I realize the same problem would happen if logkeys had a --pause option but was started with sudo, so I guess the question is actually: what is the recommended way to use logkeys in a secure way?

Thanks a lot!

MatthieuStigler avatar May 14 '20 21:05 MatthieuStigler

Does the above sudo killall ... method work without logging your password characters, or do they backfill when the process is resumed?

kernc avatar May 15 '20 02:05 kernc

Doing the first sudo killall -STOP already enters the password into the log, so it seems dangerous to use that approach?

Thanks!

MatthieuStigler avatar May 17 '20 16:05 MatthieuStigler

My take on this issue would be to create a new script, /usr/local/etc/logkeys-pause.sh, doing $(killall -STOP logkeys), and a new program, let's say "llkp", with the same permissions as "llkk". Would this approach be acceptable?

mFIND avatar May 19 '20 12:05 mFIND

The problem with shell scripts is that they can't setuid, so sudo password would still be required.

kernc avatar May 19 '20 16:05 kernc

It seems hence that using the method with sudo is difficult? Another approach would maybe be to try not to use sudo but still write to an encrypted file? Do you have any recommendations or suggestions about this approach instead?

Thanks a lot!

MatthieuStigler avatar May 19 '20 22:05 MatthieuStigler

> to write to an encrypted file?

Something like:

$ sudo logkeys ... -o - | mcrypt --force --flush > logkeys.log

$ cat logkeys.log | mcrypt --decrypt

kernc avatar May 20 '20 00:05 kernc

I know that scripts can't use setuid, that's why I suggested writing a new setuid'ed program in C. That way, the script won't need setuid, since llkp would have UID=0.

#include <cstdlib>
#include <unistd.h>

int main() {
  // Switch to root; do not run the script if the UID change failed.
  if (setuid(0) != 0)
    return EXIT_FAILURE;
  exit(system(SYS_CONF_DIR "/logkeys-pause.sh"));  // SYS_CONF_DIR defined in CXXFLAGS in Makefile.am
}

mFIND avatar May 20 '20 10:05 mFIND
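
A variant of the setuid helper proposed above that skips system() and the shell script and sends SIGSTOP/SIGCONT to logkeys itself; this is an added example, not code from the thread or from the logkeys project. The pid file path and the pause/resume arguments are assumptions, and llkp is the name suggested in the thread.

```c
/* Added example (not logkeys code): pause/resume by signalling directly. */
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

#define PID_FILE "/var/run/logkeys.pid"  /* assumed pid file location */

/* Strictly parse pid-file text. Returns -1 unless it is one positive
 * decimal number: kill() treats 0, -1 and other negatives as "process
 * group" or "every process", which must never be signalled as root. */
long parse_pid(const char *text)
{
    char *end;
    if (text[0] < '0' || text[0] > '9') return -1;  /* no sign, no spaces */
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno != 0 || v <= 1 || v > INT_MAX) return -1;  /* also refuse init */
    if (*end == '\n') end++;                         /* one trailing newline */
    return *end == '\0' ? v : -1;
}

/* Map the single allowed argument to a signal; 0 means "reject". */
int action_signal(const char *arg)
{
    if (arg && strcmp(arg, "pause") == 0)  return SIGSTOP;
    if (arg && strcmp(arg, "resume") == 0) return SIGCONT;
    return 0;
}

int main(int argc, char **argv)
{
    char buf[32] = {0};
    int sig = action_signal(argc == 2 ? argv[1] : NULL);
    if (sig == 0) { fputs("usage: llkp pause|resume\n", stderr); return 2; }

    FILE *f = fopen(PID_FILE, "r");
    if (!f || !fgets(buf, sizeof buf, f)) { perror(PID_FILE); return 1; }
    fclose(f);

    long pid = parse_pid(buf);
    if (pid < 0) { fputs("bad pid file\n", stderr); return 1; }
    /* No shell, PATH lookup or environment is involved in this call. */
    if (kill((pid_t)pid, sig) != 0) { perror("kill"); return 1; }
    return 0;
}
```

Installed with the same permissions as llkk, this needs no sudo prompt, so no password is typed while logkeys is running. A stale pid file can name an unrelated process, so a production version would also confirm the target is logkeys (for example via /proc/<pid>/comm) before signalling.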