X-Window security: How to disallow window manipulation (closing, resizing, moving)


Post by Frank Joerden » Tue, 06 Mar 2001 00:43:29



I've been asked to think about how to make a computer (running Linux or NT; the app runs
on both) airtight as a terminal in an exhibition area, where it is open to the public but
where it must not be possible to access anything but the application that is open on the
screen, or to close it, or do anything besides using that app. This is probably not very
difficult to do, seeing that the keyboard would be locked away anyway. In other words, all
you need to do is disable all the window controls that are accessible to the mouse (how do
you do that?) and then make sure that there is no 'Quit' function available within the
app, or if that's not possible, restart the app whenever it's being closed (run it from
inittab with respawn??) from within.

Does anyone have pointers to Howtos or FAQs or the like about this kind of thing?

Thanks, Frank

 
 
 


Post by a.. » Tue, 06 Mar 2001 01:19:26


Run it in a while true; do  loop maybe? -Ali

--
"neener, neener, neener ;)"  -- Anonymous

 
 
 


Post by Frank Joerden » Tue, 06 Mar 2001 01:28:53



> Run it in a while true; do  loop maybe? -Ali

I forgot to mention: I don't have access to the application's source code; it's a
commercial, payware, closed-source thing.

Regards, Frank

 
 
 


Post by Travis Case » Tue, 06 Mar 2001 01:57:34




>> Run it in a while true; do  loop maybe? -Ali

> I forgot to mention: I don't have access to the application's source
> code; it's a commercial, payware, closed-source thing.

I think he probably means "run it from a script, using a loop so that if
the user exits the program, it simply starts up again."

--

       /,`.-'`'    -.  ;-;;,_   No one agrees with me.  Not even me.
      |,4-  ) )-,_..;\ (  `'-'
     '---''(_/--'  `-'\_)

 
 
 


Post by Travis Case » Tue, 06 Mar 2001 01:57:39



> I've been asked to think about how to make a computer (running Linux or
> NT; the app runs on both) airtight as a terminal in an exhibition area,
> where it is open to the public but where it must not be possible to access
> anything but the application that is open on the screen, or to close it,
> or do anything besides using that app. This is probably not very difficult
> to do, seeing that the keyboard would be locked away anyway. In other
> words, all you need to do is disable all the window controls that are
> accessible to the mouse (how do you do that?) and then make sure that
> there is no 'Quit' function available within the app, or if that's not
> possible, restart the app whenever it's being closed (run it from inittab
> with respawn??) from within.

On Linux, you can run it without a window manager -- then there won't *be*
any window controls accessible to the mouse.  You'd probably want to use
command-line options to make it use the full screen, so there won't be a
bunch of "empty space" around the app.  Most X apps have a way to specify
the geometry from the command line.

To keep people from closing it, you can run it from a script that loops so
as to restart the app whenever it's closed.  Since the keyboard is locked
away, anyone selecting "quit" won't be able to press control-C or anything
else like that while the script is executing.

--

       /,`.-'`'    -.  ;-;;,_   No one agrees with me.  Not even me.
      |,4-  ) )-,_..;\ (  `'-'
     '---''(_/--'  `-'\_)

 
 
 


Post by Tim Hayne » Tue, 06 Mar 2001 02:01:16




> >  Run it in a while true; do loop maybe? -Ali

> I forgot to mention: I don't have access to the application's source code;
> it's a commercial, payware, closed-source thing.

Ali's suggestion is then a reasonable one.

If, as I assume, it requires X, then put it in a while-true loop, by all
means, and don't run any window mangler (or if you really must, then go for
sawfish and map all button-clicks in the root window to a null function).

Alternatively, write a shell script that kills X, starts X, starts the app
into that X window, and run it from inittab in a runlevel all its own.

Make sure the app has no way to spawn a shell. If it has, and it's closed-
source stuff, then you're screwed.

~Tim
--

Sometimes you're the statue.                 |http://spodzone.org.uk/

 
 
 


Post by Andreas Moh » Tue, 06 Mar 2001 02:18:00



> I've been asked to think about how to make a computer (running Linux or NT; the app runs
> on both) airtight as a terminal in an exhibition area, where it is open to the public but

-> schule.schueler.linux, thread "surfstation".

Andreas Mohr

 
 
 


Post by Frank Joerden » Tue, 06 Mar 2001 02:17:06


[ . . . ]

> On Linux, you can run it without a window manager -- then there won't *be*
> any window controls accessible to the mouse.

How? I must confess that I never spent much energy on trying to understand how X windowing
really works . . . and I still find it a tad confusing. Normally I just run whatever X
server configuration tool is at hand, and then run 'startx' which is configured to start
the server with my favourite window manager (I mainly use Linux as a server OS, for samba,
netatalk, apache, postgresql and the like, so I don't usually want a windowing system).
Can you just start the X server by itself and then type xterm & and you'll have a terminal
all by itself?

[ . . . ]

> To keep people from closing it, you can run it from a script that loops so
> as to restart the app whenever it's closed.

How does the script know that someone closed the application?

Cheers!

- Frank

 
 
 


Post by Frank Joerden » Tue, 06 Mar 2001 02:22:01


[ . . . ]

> Alternatively, write a shell script that kills X, starts X, starts the app
> into that X window, and run it from inittab in a runlevel all its own.

That sounds like I'd want to give it a try!

Thanks,

Frank

 
 
 


Post by Travis Case » Tue, 06 Mar 2001 03:37:37




>> On Linux, you can run it without a window manager -- then there won't
>> *be* any window controls accessible to the mouse.

> How? I must confess that I never spent much energy on trying to understand
> how X windowing really works . . . and I still find it a tad confusing.
> Normally I just run whatever X server configuration tool is at hand, and
> then run 'startx' which is configured to start the server with my
> favourite window manager (I mainly use Linux as a server OS, for samba,
> netatalk, apache, postgresql and the like, so I don't usually want a
> windowing system). Can you just start the X server by itself and then type
> xterm & and you'll have a terminal all by itself?

startx is just a script that's used to make starting up X and a bunch of
applications more convenient.  It looks in the user's home directory for a
couple of different files (.xinitrc and .xserverrc) and, if it finds them,
passes them to xinit as parameters.  If it doesn't find them, it has
default scripts that it uses.

xinit, in turn, simply starts up the client and server it's told to (which
can be scripts).  It also has defaults for what it does (run an xterm as a
client, and X (which is generally a link to an X server program) as the
server).

As for your example... in theory, yes.  However, in practice, if you're on
the console, once you start the X server, you won't have anywhere to type
into.  Under Linux and XFree, however, you could use the control-alt-Fkey
combination to get another terminal, log into it, and then start an xterm
from there.

When the client exits, xinit stops the server as well.  Generally, the
"client" is a script which starts some programs in the background, then
execs a window manager (which means that when the window manager exits,
xinit will see the client exit, and then kill the X server.  That's how a
window manager stops X.  If you set things up so that the window manager
*isn't* the last thing run, you can stop the window manager and all your
other applications will keep going).  However, you can have the client be
just about anything you want -- for example:

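---------------------------------------------
#!/bin/sh
# script to run netscape in a loop

# 'true' always succeeds, so the loop never ends
while true; do
  # runs in the foreground; the loop resumes when netscape exits
  /bin/netscape
done
---------------------------------------------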

could be the "client".  Since this script will never exit normally, xinit
will never kill the X server.  If the user exits Netscape, it'll get
started again.  If Netscape dumps core and halts, it'll get started again.

> [ . . . ]
>> To keep people from closing it, you can run it from a script that loops
>> so as to restart the app whenever it's closed.

> How does the script know that someone closed the application?

When the application exits.  Take the script above; since netscape isn't
run in the background, when netscape exits, the script will continue on,
hit the "done", go to the "do", and run netscape again.

On a machine running XDM or another display manager, there will often be a
"failsafe" choice for logging in.  Generally, that gives you xinit's
default -- an xterm and no window manager.  You can then use the xterm to
start a window manager if you want one.  

--

       /,`.-'`'    -.  ;-;;,_   No one agrees with me.  Not even me.
      |,4-  ) )-,_..;\ (  `'-'
     '---''(_/--'  `-'\_)
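
The respawn loop described in the post above, extended with a delay after short-lived runs and a log of exit statuses, as an added example that is not part of the original post. The names respawn, MIN_UPTIME, RESPAWN_DELAY and KIOSK_LOG are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): an xinit client that respawns one app.
# Hypothetical names: respawn, MIN_UPTIME, RESPAWN_DELAY, KIOSK_LOG.

MIN_UPTIME=${MIN_UPTIME:-10}        # runs shorter than this count as a crash
RESPAWN_DELAY=${RESPAWN_DELAY:-5}   # pause after a crash, avoids a tight loop
KIOSK_LOG=${KIOSK_LOG:-/dev/null}   # where exit statuses are recorded

# respawn MAX CMD [ARGS...]
# Runs CMD in the foreground and starts it again whenever it exits.
# MAX=0 loops forever (kiosk use); MAX>0 bounds the loop, e.g. for a dry run.
# Sets RESPAWN_STARTS (launches) and RESPAWN_FAST (short-lived runs).
respawn() {
    max=$1; shift
    RESPAWN_STARTS=0
    RESPAWN_FAST=0
    while [ "$max" -eq 0 ] || [ "$RESPAWN_STARTS" -lt "$max" ]; do
        start=$(date +%s)
        RESPAWN_STARTS=$((RESPAWN_STARTS + 1))
        status=0
        "$@" || status=$?           # blocks until the app exits; safe under set -e
        uptime=$(( $(date +%s) - start ))
        echo "$(date) exit=$status uptime=${uptime}s cmd=$1" >>"$KIOSK_LOG"
        if [ "$uptime" -lt "$MIN_UPTIME" ]; then
            # The app quit or crashed almost immediately: back off before retrying.
            RESPAWN_FAST=$((RESPAWN_FAST + 1))
            sleep "$RESPAWN_DELAY"
        fi
    done
}

# As the xinit client, pass the application as arguments, e.g. /bin/netscape.
# No window manager is started and the loop never returns, so xinit never
# sees the client exit and keeps the X server running.
if [ "$#" -gt 0 ]; then
    respawn 0 "$@"
fi
```

A log that fills with short-uptime entries shows that the application is crashing on start or that someone keeps selecting its quit function.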

 
 
 


Post by John Thompso » Tue, 06 Mar 2001 04:13:18



> I've been asked to think about how to make a computer (running Linux or NT; the app runs
> on both) airtight as a terminal in an exhibition area, where it is open to the public but
> where it must not be possible to access anything but the application that is open on the
> screen, or to close it, or do anything besides using that app. This is probably not very
> difficult to do, seeing that the keyboard would be locked away anyway. In other words, all
> you need to do is disable all the window controls that are accessible to the mouse (how do
> you do that?) and then make sure that there is no 'Quit' function available within the
> app, or if that's not possible, restart the app whenever it's being closed (run it from
> inittab with respawn??) from within.

Here's my guess: don't run a window manager.  Instead, set up
your xinitrc to run your application directly.  Without the
window manager you  won't have any of the window controls and
such.  Of course, if your application requires scroll bars or
other niceties you may have a problem.

--


 
 
 


Post by Jim Willi » Wed, 07 Mar 2001 23:04:26


Check out panacea on freshmeat http://freshmeat.net/projects/panacea/
Currently it's just a script you run after a RH6.x installation to lock down
a box for public access. It takes care of pretty much everything for you. I
wrote it so I could easily deploy several dozen boxen in a public library to
function as web-browsing kiosks. The next version which is a day or so from
being posted addresses several additional security issues. (I'm currently
re-IP addressing an entire library system single-handedly, so if there's a
delay in getting it up, that's why ;-). Email me directly if you have any
questions.
Jim



> I've been asked to think about how to make a computer (running Linux or NT;
> the app runs on both) airtight as a terminal in an exhibition area, where it
> is open to the public but where it must not be possible to access anything
> but the application that is open on the screen, or to close it, or do
> anything besides using that app. This is probably not very difficult to do,
> seeing that the keyboard would be locked away anyway. In other words, all
> you need to do is disable all the window controls that are accessible to the
> mouse (how do you do that?) and then make sure that there is no 'Quit'
> function available within the app, or if that's not possible, restart the
> app whenever it's being closed (run it from inittab with respawn??) from
> within.

> Does anyone have pointers to Howtos or FAQs or the like about this kind of thing?

> Thanks, Frank

 
 
 


Post by Michael Erskin » Sat, 10 Mar 2001 10:04:16


When you look for holes in the app you want to stay up, look also into
any edited fields... sometimes the common escape sequences for different
editors will drop you to a shell.

This seems to be a common error in many commercial apps that are intended
to put a wrapper around the luser but which require him to be able to
edit something (email) for example.

If you find something like that, see if you can replace the binary it
is calling with something that you can secure.  Just copy it over the
called exec and it will get called instead...  your mileage will vary.

-m-

> Make sure the app has no way to spawn a shell. If it has, and it's closed-
> source stuff, then you're screwed.

> ~Tim
> --

> Sometimes you're the statue.                 |http://spodzone.org.uk/