Re: Kernel extensions and code injection?
Re: Kernel extensions and code injection?
- Subject: Re: Kernel extensions and code injection?
- From: "Brian Kendall" <email@hidden>
- Date: Thu, 17 Feb 2005 18:41:31 -0500
- Organization: Qrrbrbirlbel
As I understand it, the only thing that comes close in userland (meaning
you wouldn't need to be root or admin to do it) is you can install an
event handler on the event monitor target, which was new to Panther.
However, it only lets you receive and monitor events (and not intercept
events), and in the case of privacy concerns, any key event typed in a
password text field is not sent to the event monitor, so it's more or less
useless for spyware stuff.
(Although, now that I think about it, being able to intercept mouse events
wouldn't that useful for spyware either. If the idea is to take control
of the mouse, there's ways to do that already incidentally. Fortunately
no one has written anything malicious using it that I know of.)
- Brian
I don't have a solution or even any real data for TOP, but I would like
to inject a comment into the discussion.
I certainly hope that if there is a way to do this _without_ installing
a kernel extension that it operates in a secure manner. I should have to
authenticate as an admin on the system to get such a thing installed
even when running under and admin account. Otherwise this would be an
obvious path to bring all manner of spyware to the platform.
My $0.02.
-Mike
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-kernel mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden