Open emdete opened 7 years ago
andrewdavidwong
commented
7 years ago this may be a security feature but i don't know why this would increase security
If this were enabled, would it allow a single compromised VM to "DoS" the whole system by hiding the cursor system-wide?
@marmarek: What do you think? Feature or bug?
marmarek
commented
7 years ago Hiding mouse cursor system-wide is no-go, exactly for the reason @andrewdavidwong said. But there may be an option to hide a cursor when mouse is inside that [requesting] VM window. Probably can be useful together with allowing fullscreen windows. Related to #1551, with similar impact security-wise. Actually #1551 could be used to implement this one - set cursor "shape" to fully transparent one.
One more thing requiring substantial knowledge of X11 protocol...
ghost
commented
6 years ago Same here on Qubes R.4.0
mfc
commented
4 years ago could there be a keyboard shortcut for hiding/unhiding cursor, coming from dom0?
apparently there is a unclutter app in Fedora repos that hides the cursor when it is not being used, last packaged for f29:
https://koji.fedoraproject.org/koji/packageinfo?packageID=8139
there is also a rewrite here: https://github.com/Airblader/unclutter-xfixes
and a program called xbanish: https://github.com/jcs/xbanish
vecna13
commented
3 years ago could there be a keyboard shortcut for hiding/unhiding cursor, coming from dom0? That's how I handle this, and it works well for me.
unclutter in dom0toggle-unclutter script (and make it executable)#!/bin/sh
if pgrep unclutter &> /dev/null 2>&1
then
killall unclutter
else
unclutter -idle 1 &
fi(-idle 1 hides the cursor after 1 second of non-movement. Change it as desired.)
toggle-unclutter in dom0 settings > Keyboard > Application Shortcuts
iacore
commented
2 years ago Is this really a security vulnerability to allow hidden cursor? X11 cursors are per-window, and if your cursor is invisible in one window, shaking your mouse will make the cursor appear.
The problem is currently how to intercept XFixes requests for hiding the cursor. Some applications want to set a transparent image as cursor, which is harder to handle.
DemiMarie
commented
2 years ago Is this really a security vulnerability to allow hidden cursor? X11 cursors are per-window, and if your cursor is invisible in one window, shaking your mouse will make the cursor appear.
Per-window, probably not.
The problem is currently how to intercept XFixes requests for hiding the cursor. Some applications want to set a transparent image as cursor, which is harder to handle.
That is indeed the hard part. It would require modifications to both the GUI agent and GUI daemon. Would you be interested in making a PR?
iacore
commented
2 years ago PR:
marmarek
commented
2 years ago linux gui agent: no idea how to capture XFixes request
Here is xfixes events processing: https://github.com/QubesOS/qubes-gui-agent-linux/blob/master/gui-agent/vmside.c#L354-L378 I hope that helps...
iacore
commented
2 years ago Found a bit concerning stuff. https://github.com/QubesOS/qubes-gui-agent-linux/blob/e7fa68432e17387437eff4c078d51ef3d08c1d08/gui-agent/vmside.c#L375
Documentation for XFixes §7.2 says the cursor name field is for XFixes version 2 only, so maybe the field is not to be used.
Also, the documentation is for xfixes version 5, but the latest header file is on major version 6 (XFIXES_MAJOR).
iacore
commented
2 years ago From the same documentation for XFixes, there isn't a way to check if the cursor is visible or not. No event, no function call. We have to either amend XFixes or intercept traffic to X server to check cursor visibility.
Or maybe there is a way to listen to X requests? We might as well ship unclutter in dom0 by default and write a GUI tool for it.
Unrelated questions:
marmarek
commented
2 years ago Documentation for XFixes §7.2 says the cursor name field is for XFixes version 2 only, so maybe the field is not to be used.
Interesting, although it works in practice... (with some exceptions).
No event, no function call.
Indeed, I don't see anything either.
We have to either amend XFixes or intercept traffic to X server to check cursor visibility.
Neither of those sound good...
We might as well ship
unclutterin dom0 by default and write a GUI tool for it.
I guess that's the way to go, sadly.
Is there a plan to move gui repos into a monorepo? This makes possible to have 1 pull request for one change.
I understand why it's tempting, but those parts have significantly different trust level and we'd like to keep them separate (gui-agent doesn't need to be that resistant against malicious gui-daemon than the other way around; and we'd like to avoid not-so-careful change to gui-agent compromising gui-daemon by accident). Plus, there is one gui-daemon, while a few gui-agents (linux-x11, windows, and in progress linux-wayland).
X is so broken. Is there a plan to switch to wayland?
Yes, it's in progress https://github.com/QubesOS/qubes-issues/issues/3366
DemiMarie
commented
2 years ago We have to either amend XFixes or intercept traffic to X server to check cursor visibility.
Neither of those sound good...
Patch the X server?
marmarek
commented
2 years ago Neither of those sound good...
Patch the X server?
Let me repeat more clearly: no.
iacore
commented
2 years ago Patch the X server?
I still feel like this is the correct way to fix this problem. The easiest way is to patch
/lib64/libXfixes.so.3.1.0 :
0000000000002bc0 <XFixesHideCursor@@Base>:
2bd6: 74 70 je 2c48 <XFixesHideCursor@@Base+0x88>
2be0: 74 66 je 2c48 <XFixesHideCursor@@Base+0x88>
2be6: 7e 60 jle 2c48 <XFixesHideCursor@@Base+0x88>
2bf2: 74 05 je 2bf9 <XFixesHideCursor@@Base+0x39>
2c26: 74 06 je 2c2e <XFixesHideCursor@@Base+0x6e>
2c38: 74 0e je 2c48 <XFixesHideCursor@@Base+0x88>use SendEvent to generate custom event that can be listened to in gui agent. Applications using this dynamic library will all behave correctly then.
DemiMarie
commented
2 years ago Patch the X server? I still feel like this is the correct way to fix this problem. The easiest way is to patch
/lib64/libXfixes.so.3.1.0 : 0000000000002bc0 <XFixesHideCursor@@Base>: 2bd6: 74 70 je 2c48 <XFixesHideCursor@@Base+0x88> 2be0: 74 66 je 2c48 <XFixesHideCursor@@Base+0x88> 2be6: 7e 60 jle 2c48 <XFixesHideCursor@@Base+0x88> 2bf2: 74 05 je 2bf9 <XFixesHideCursor@@Base+0x39> 2c26: 74 06 je 2c2e <XFixesHideCursor@@Base+0x6e> 2c38: 74 0e je 2c48 <XFixesHideCursor@@Base+0x88>use
SendEventto generate custom event that can be listened to in gui agent. Applications using this dynamic library will all behave correctly then.
What about applications using XCB?
iacore
commented
2 years ago Hope for Wayland support?
lubellier
commented
1 year ago Another solution : a keyboard shortcut hides your cursor (by switching to a blank/invisible cursor).
Install a blank cursor to your cursor theme (here Adwaita):
[user@dom0 ~]$ cat blank
#define blank_width 1
#define blank_height 1
#define blank_x_hot 0
#define blank_y_hot 0
static unsigned char blank_bits[] = {
0x00 };
[user@dom0 ~]$ sudo cp blank /usr/share/icons/Adwaita/cursors/Test switching to the blank cursor and go back to the default cursor:
[user@dom0 ~]$ xsetroot -cursor blank blank
[user@dom0 ~]$ xsetroot -cursor_name left_ptrAdd the keyboard shortcuts: XFCE setting > Keyboard > shortcuts
xsetroot -cursor_name left_ptrxsetroot -cursor blank blankUsage:
I daily use this solution.
Related forum topic : https://forum.qubes-os.org/t/how-to-get-the-mouse-cursor-disappear-when-playing-a-video/17578/2
Qubes OS version (e.g.,
R3.2):3.2
Affected TemplateVMs (e.g.,
fedora-23, if applicable):Expected behavior:
if a program requests the mouse cursor is hidden (very useful for slideshows, viewing videos or even in the terminal (rxvt with pointerBlank))
Actual behavior:
mouse pointer still visible
Steps to reproduce the behavior:
use any progranm that tries to hide the pointer
General notes:
this may be a security feature but i don't know why this would increase security so i assume it's more a missing feature like #2642?