kernc / logkeys

:memo: :keyboard: A GNU/Linux keylogger that works!

How to pause to avoid capturing passwords? #216

Open MatthieuStigler opened 4 years ago

MatthieuStigler commented 4 years ago

Hi

I would like to avoid capturing my passwords in the logfile. One strategy would be to pause logkeys for a bit. Have you considered adding a -pause option? Or do you have any script to recommend that stops, waits a bit and restarts (using the previously selected device, possibly inputted manually)?

Thanks!

kernc commented 4 years ago

What happens if you killall -STOP logkeys and killall -CONT logkeys afterwards? Does it get the events it missed?

MatthieuStigler commented 4 years ago

Thanks for your quick answer!

This is a good idea, although the issue is that I start logkeys with sudo, so to killall it I also need sudo, and so the sudo password will be stored in the logfile (making it extremely easy to detect for someone who could have access to the log file).

I realize the same problem would happen if logkeys had a --pause option but was started with sudo, so I guess the question is actually: what is the recommended way to use logkeys in a secure way?

Thanks a lot!

kernc commented 4 years ago

Does the above sudo killall ... method work without logging your password characters, or do they backfill when the process is resumed?

MatthieuStigler commented 4 years ago

Doing the first sudo killall -STOP already enters the password into the log, so it seems dangerous to use that approach?

Thanks!

mFIND commented 4 years ago

My take on this issue would be to create a new script, /usr/local/etc/logkeys-pause.sh, doing $(killall -STOP logkeys), and a new program, let's say "llkp", with the same permissions as "llkk". Would this approach be acceptable?

kernc commented 4 years ago

The problem with shell scripts is that they can't setuid, so sudo password would still be required.

MatthieuStigler commented 4 years ago

It seems, hence, that using the method with sudo is difficult? Another approach would maybe be to not use sudo but still write to an encrypted file? Do you have any recommendations or suggestions about this approach instead?

thanks a lot!

kernc commented 4 years ago

> to write to an encrypted file?

Something like:

$ sudo logkeys ... -o - | mcrypt --force --flush > logkeys.log

$ cat logkeys.log | mcrypt --decrypt

mFIND commented 4 years ago

I know that scripts can't use setuid; that's why I suggested writing a new setuid'ed program in C: that way, the script won't need setuid, since llkp would have UID=0.

#include <cstdio>
#include <cstdlib>
#include <unistd.h>

#ifndef SYS_CONF_DIR
#define SYS_CONF_DIR "/usr/local/etc"  // normally defined in CXXFLAGS in Makefile.am
#endif

int main() {
  // Binary is installed setuid root; setuid(0) also makes the real UID 0 so the
  // shell started by system() does not drop privileges (bash does when euid != uid).
  if (setuid(0) != 0) { perror("setuid"); return 1; }
  exit(system(SYS_CONF_DIR "/logkeys-pause.sh"));
}
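The wrapper above hands the privileged step to a shell script via system(). As an added example (not code from logkeys or from mFIND), here is the same idea written so that the setuid helper needs no shell at all: it looks up processes named logkeys in /proc and sends SIGSTOP or SIGCONT with kill(2) directly. The verbs "pause"/"resume", the helper name and the install permissions in the comments are assumptions for illustration.

```c
/* Added example: a setuid-root helper that pauses/resumes logkeys without
 * spawning a shell. Install as e.g. root:logkeys, mode 4750, so only members of
 * that group can run it (assumed layout, not logkeys' own). */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Map the command verb to a signal; 0 means "unknown verb". */
int signal_for_verb(const char *verb) {
    if (strcmp(verb, "pause") == 0) return SIGSTOP;
    if (strcmp(verb, "resume") == 0) return SIGCONT;
    return 0;
}

/* Return 1 if the content of /proc/<pid>/comm (usually newline-terminated)
 * equals name exactly; "logkeys2" or "logkey" must not match "logkeys". */
int comm_is(const char *comm, const char *name) {
    size_t n = strlen(comm);
    if (n && comm[n - 1] == '\n') n--;
    return n == strlen(name) && strncmp(comm, name, n) == 0;
}

/* Send sig to every process whose comm equals name.
 * Returns the number of processes signalled, or -1 if /proc is unreadable. */
int signal_processes_named(const char *name, int sig) {
    DIR *d = opendir("/proc");
    if (!d) return -1;
    int count = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long pid = strtol(e->d_name, &end, 10);
        if (*end != '\0' || pid <= 0) continue;      /* not a PID directory */
        char path[64];
        snprintf(path, sizeof path, "/proc/%ld/comm", pid);
        FILE *f = fopen(path, "r");
        if (!f) continue;                              /* process vanished */
        char comm[64] = {0};
        if (fgets(comm, sizeof comm, f) && comm_is(comm, name) &&
            kill((pid_t)pid, sig) == 0)
            count++;
        fclose(f);
    }
    closedir(d);
    return count;
}

int main(int argc, char **argv) {
    int sig = argc == 2 ? signal_for_verb(argv[1]) : 0;
    if (!sig) {
        fprintf(stderr, "usage: %s pause|resume\n", argv[0]);
        return 2;
    }
    /* Make the real UID 0 as well, and refuse to continue if that failed
     * (e.g. the setuid bit is missing), rather than silently signalling nothing. */
    if (setuid(0) != 0) { perror("setuid"); return 1; }
    int n = signal_processes_named("logkeys", sig);
    if (n <= 0) { fprintf(stderr, "no logkeys process signalled\n"); return 1; }
    printf("%s: signalled %d process(es)\n", argv[1], n);
    return 0;
}
```

Two caveats a practitioner should weigh before relying on this. First, the helper is only as safe as who may execute it: anyone who can run it can silence the logger, so the group/mode on the binary is the access control. Second, SIGSTOP only freezes the reader; the kernel's evdev layer keeps queuing events for the open device fd while the process is stopped, so keystrokes typed during the pause may still be read and logged once SIGCONT is delivered (that is the backfill kernc asks about above). A pause that genuinely discards input has to be implemented inside logkeys, by closing or draining the device, not by stopping the process from outside.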