milliken@BFLY-VAX.BBN.COM.UUCP (03/31/87)
Name:
xsecure - secure a workstation from malicious fingers
Synopsis:
xsecure [password]
Description:
This program provides a means of locking up a workstation without
logging out. It also runs a screen-saver while active.
xsecure gobbles all keyboard and mouse events until the password is
typed to it, whereupon it exits. The password defaults to the user's
login password. (The optional command line password is for the benefit
of those who are incurably paranoid about equines in Asia Minor.)
xsecure fills the screen with black and bounces a small cursor
around while running. The user's screen will be restored when xsecure
exits.
Bugs:
The password must be typed on a line by itself.
You can lock up someone else's machine if you can display to them.
(No X Cookie Monsters, please!)
The cursor will have to be fixed on machines which can't handle a
32x32 cursor.
------------------------- Tear along dotted line --------------------------
/* secure a SUN console under X */
/* Walter Milliken (milliken@bbn.com)
BBN Advanced Computers, Inc.
10 Fawcett St.
Cambridge, MA 02238 */
#include <stdio.h>
#include <pwd.h>
#include <X/Xlib.h>
char * crypt();
#define lckcurs_width 32
#define lckcurs_height 32
#define lckcurs_x_hot 16
#define lckcurs_y_hot 20
static short lckcurs_bits[] = {
0x0000, 0x0000, 0xe000, 0x0007,
0xf800, 0x001f, 0xfc00, 0x003f,
0x3e00, 0x007c, 0x0f00, 0x00f0,
0x0700, 0x00e0, 0x0380, 0x01c0,
0x0380, 0x01c0, 0x0380, 0x01c0,
0x01c0, 0x0380, 0x01c0, 0x0380,
0x01c0, 0x0380, 0x01c0, 0x0380,
0x0008, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0xc000, 0x0003,
0xe000, 0x0007, 0xf000, 0x000f,
0xf000, 0x000f, 0xf000, 0x000f,
0xe000, 0x0007, 0xc000, 0x0003,
0xc000, 0x0003, 0xc000, 0x0003,
0xc000, 0x0003, 0xc000, 0x0003,
0x0000, 0x0000, 0x0000, 0x0000,
0x0008, 0x1000, 0x0000, 0x0000};
#define lckmask_width 32
#define lckmask_height 32
static short lckmask_bits[] = {
0xe000, 0x0007, 0xf800, 0x001f,
0xfc00, 0x003f, 0xfe00, 0x007f,
0xff00, 0x00ff, 0x3f80, 0x01fc,
0x0f80, 0x01f0, 0x07c0, 0x03e0,
0x07c0, 0x03e0, 0x07c0, 0x03e0,
0x03e0, 0x07c0, 0x03e0, 0x07c0,
0x03e0, 0x07c0, 0x03f0, 0x0fc0,
0xfff0, 0x0fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff0, 0x0fff, 0x0000, 0x0000};
struct passwd * pw;
Display * dsp;
OpaqueFrame frame;
Window w;
Cursor mycursor;
XEvent evt;
XKeyPressedEvent * kpevt;
ReadXString(s, slen)
char * s;
int slen;
{
int bp;
char c;
int n;
char * keystr;
bp = 0;
c = 'x';
while (c != '\r') {
if (XPending() == 0) {
XWarpMouse(w, (random() % (DisplayWidth()-64))+32,
(random() % (DisplayHeight()-64))+32);
sleep(2);
}
else {
XNextEvent(&evt);
if (evt.type == KeyPressed) {
keystr = XLookupMapping(kpevt, &n);
if (n>0) {
c = keystr[0];
if (c == '\r') s[bp] = '\0';
else s[bp] = c;
if (bp < slen-1) bp++;
}
}
else ; /* discard other events */
}
}
}
main(argc, argv)
int argc;
char * argv[];
{
char geometry[40];
char buf[200];
char * pass;
char cryptpass[20];
char * s;
int n;
int i;
int done;
pw = getpwuid(getuid());
if (argc == 1) pass = pw->pw_passwd;
else if (argc == 2) {
pass = crypt(argv[1], pw->pw_passwd);
strcpy(cryptpass, pass);
pass = cryptpass;
}
else {
fprintf(stderr, "usage: %s [<lock password>]\n", argv[0]);
exit(1);
}
kpevt = (XKeyPressedEvent *) &evt;
dsp = XOpenDisplay(NULL);
mycursor = XCreateCursor(lckcurs_width, lckcurs_height, lckcurs_bits,
lckmask_bits, lckcurs_x_hot, lckcurs_y_hot,
BlackPixel, WhitePixel, GXcopy);
frame.bdrwidth = 0;
frame.border = BlackPixmap;
frame.background = BlackPixmap;
sprintf(geometry, "%dx%d+0+0", DisplayWidth(), DisplayHeight());
w = XCreate(argv[0], argv[0], geometry, "", &frame, 10, 10);
XSelectInput(w, KeyPressed);
XMapWindow(w);
XFocusKeyboard(w);
XGrabMouse(w, mycursor, -1);
do {
ReadXString(buf, 200);
s = crypt(buf, pw->pw_passwd);
} while (! (strcmp(s, pass) == 0));
XUngrabMouse();
XFocusKeyboard(RootWindow);
XDestroyWindow(w);
XFlush();
}thomas@spline.UUCP (04/03/87)
This program is not very secure if you use the command line password.
Someone need only log into your machine and do a 'ps', and presto!
they have your password. Better to require typing it to the program
upon startup. This can fix one of the bugs: other people being able
to lock your screen. If you require the user to type the password upon
startup, then he/she will know what it is and will be able to get out.
=Spencer ({ihnp4,decvax}!utah-cs!thomas, thomas@cs.utah.edu)jonah@uwocsd.UUCP.UUCP (04/04/87)
The following is a slightly more secure version of a program recently
posted by Walter Milliken. Unfortunately, it was all too easy for a
knowledgeable user to subvert the original version. The following is
more robust in that it tries to recover from malicious tampering with
the window environment.
---
Jeff Lee, Research Associate, Department of Computer Science
The University of Western Ontario, London Canada, N6A 5B7
jonah@uwocsd.UWO.CDN, jonah@uwocsd.UUCP, decvax!utzoo!deepthot!jonah
------------------------------Tear Here-----------------------------
: To unbundle, sh this file
echo xsecure.1 1>&2
cat >xsecure.1 <<'--End of xsecure.1--'
TH XSECURE 1 "2 April 1987" "X Version 10"
SH NAME
xsecure - secure a workstation from malicious fingers
SH SYNOPSIS
B xsecure
[password]
SH DESCRIPTION
This program provides a means of locking up a workstation without
logging out. It also runs as a screen-saver while active.
PP
B xsecure
gobbles all keyboard and mouse events until the password is
typed to it, whereupon it exits. The password defaults to the user's
login password. (The optional command line password is for the benefit
of those who are incurably paranoid about equines in Asia Minor.)
PP
B xsecure
fills the screen with black and bounces a small cursor
around while running. The user's screen will be restored when xsecure
exits.
SH BUGS
The password must be typed on a line by itself.
PP
You can lock up someone else's machine if you can display to them.
(No X Cookie Monsters, please!)
PP
The cursor will have to be fixed on machines which can't handle a
32x32 cursor.
PP
It is possible to interfere with the
B xsecure
window remotely.
On the other hand, it is reasonably secure in a non-hostile
evnironment.
--End of xsecure.1--
echo xsecure.c 1>&2
cat >xsecure.c <<'--End of xsecure.c--'
/* secure a SUN console under X */
/* Walter Milliken (milliken@bbn.com)
BBN Advanced Computers, Inc.
10 Fawcett St.
Cambridge, MA 02238
modified for paranoids by:
Jeff Lee, (jonah@uwocsd.UUCP)
Department of Computer Science
The University of Western Ontario,
London Canada, N6A 5B7
*/
#include <stdio.h>
#include <pwd.h>
#include <X/Xlib.h>
char * crypt();
char geometry[40];
#define lckcurs_width 32
#define lckcurs_height 32
#define lckcurs_x_hot 16
#define lckcurs_y_hot 20
static short lckcurs_bits[] = {
0x0000, 0x0000, 0xe000, 0x0007,
0xf800, 0x001f, 0xfc00, 0x003f,
0x3e00, 0x007c, 0x0f00, 0x00f0,
0x0700, 0x00e0, 0x0380, 0x01c0,
0x0380, 0x01c0, 0x0380, 0x01c0,
0x01c0, 0x0380, 0x01c0, 0x0380,
0x01c0, 0x0380, 0x01c0, 0x0380,
0x0008, 0x0000, 0x0000, 0x0000,
0x0000, 0x0000, 0xc000, 0x0003,
0xe000, 0x0007, 0xf000, 0x000f,
0xf000, 0x000f, 0xf000, 0x000f,
0xe000, 0x0007, 0xc000, 0x0003,
0xc000, 0x0003, 0xc000, 0x0003,
0xc000, 0x0003, 0xc000, 0x0003,
0x0000, 0x0000, 0x0000, 0x0000,
0x0008, 0x1000, 0x0000, 0x0000};
#define lckmask_width 32
#define lckmask_height 32
static short lckmask_bits[] = {
0xe000, 0x0007, 0xf800, 0x001f,
0xfc00, 0x003f, 0xfe00, 0x007f,
0xff00, 0x00ff, 0x3f80, 0x01fc,
0x0f80, 0x01f0, 0x07c0, 0x03e0,
0x07c0, 0x03e0, 0x07c0, 0x03e0,
0x03e0, 0x07c0, 0x03e0, 0x07c0,
0x03e0, 0x07c0, 0x03f0, 0x0fc0,
0xfff0, 0x0fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff8, 0x1fff, 0xfff8, 0x1fff,
0xfff0, 0x0fff, 0x0000, 0x0000};
struct passwd * pw;
Display * dsp;
OpaqueFrame frame;
Window w;
Cursor mycursor;
XEvent evt;
XKeyPressedEvent * kpevt;
ReadXString(s, slen)
char * s;
int slen;
{
int bp;
char c;
int n;
char * keystr;
WindowInfo info;
bp = 0;
c = 'x';
while (c != 'r') {
if (XPending() == 0) {
/* speaking of paranoid, lets make sure no one is playing around */
if (XQueryWindow(w,&info)) {
/* make sure that the window still covers the screen */
XConfigureWindow(w,0,0,DisplayWidth(),DisplayHeight());
XMapWindow(w);
}
else {
/* the window died(?) so make a new one */
w = XCreate("xsecure","xsecure",geometry,"",&frame,10,10);
XSelectInput(w, KeyPressed);
XMapWindow(w);
}
XWarpMouse(w, (random() % (DisplayWidth()-64))+32,
(random() % (DisplayHeight()-64))+32);
/* make sure we are still getting keyboard and mouse events */
XFocusKeyboard(w);
XGrabMouse(w, mycursor, -1);
sleep(2);
}
else {
XNextEvent(&evt);
if (evt.type == KeyPressed) {
keystr = XLookupMapping(kpevt, &n);
if (n>0) {
c = keystr[0];
if (c == 'r') s[bp] = '0';
else s[bp] = c;
if (bp < slen-1) bp++;
}
}
else ; /* discard other events */
}
}
}
main(argc, argv)
int argc;
char * argv[];
{
char buf[200];
char * pass;
char cryptpass[20];
char * s;
int n;
int i;
int done;
pw = getpwuid(getuid());
if (argc == 1) pass = pw->pw_passwd;
else if (argc == 2) {
pass = crypt(argv[1], pw->pw_passwd);
strcpy(cryptpass, pass);
pass = cryptpass;
}
else {
fprintf(stderr, "usage: %s [<lock password>]n", argv[0]);
exit(1);
}
kpevt = (XKeyPressedEvent *) &evt;
dsp = XOpenDisplay(NULL);
mycursor = XCreateCursor(lckcurs_width, lckcurs_height, lckcurs_bits,
lckmask_bits, lckcurs_x_hot, lckcurs_y_hot,
BlackPixel, WhitePixel, GXcopy);
frame.bdrwidth = 0;
frame.border = BlackPixmap;
frame.background = BlackPixmap;
sprintf(geometry, "%dx%d+0+0", DisplayWidth(), DisplayHeight());
w = XCreate(argv[0], argv[0], geometry, "", &frame, 10, 10);
XSelectInput(w, KeyPressed);
XMapWindow(w);
XFocusKeyboard(w);
XGrabMouse(w, mycursor, -1);
do {
ReadXString(buf, 200);
s = crypt(buf, pw->pw_passwd);
} while (! (strcmp(s, pass) == 0));
XUngrabMouse();
XFocusKeyboard(RootWindow);
XDestroyWindow(w);
XFlush();
}
--End of xsecure.c--