Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Logging level in secure mode #1435

Closed
nvaccessAuto opened this issue Mar 28, 2011 · 3 comments
Closed

Logging level in secure mode #1435

nvaccessAuto opened this issue Mar 28, 2011 · 3 comments

Comments

@nvaccessAuto
Copy link

@nvaccessAuto nvaccessAuto commented Mar 28, 2011

Reported by tspivey on 2011-03-28 02:52
In secure mode, the logging level can be adjusted. This makes it possible to log
all keystrokes typed to the nvda.log file for that session.

The usefulness of this as an attack technique is questionable because the log file is only
readable by administrators, but the log is still being
written to disk, and could easily be read by a rescue system.

Would it be a large issue if logging was disabled in secure mode? If something
needed to be debugged on the secure desktop, the serviceDebug registry key could be set to disable secure mode.

@nvaccessAuto
Copy link
Author

@nvaccessAuto nvaccessAuto commented Mar 28, 2011

Comment 1 by jteh on 2011-03-28 02:57
Changes:
Milestone changed from None to 2011.2

@nvaccessAuto
Copy link
Author

@nvaccessAuto nvaccessAuto commented Mar 28, 2011

Comment 2 by jteh on 2011-03-28 07:20
Changes:
Milestone changed from 2011.2 to 2011.1.1

@nvaccessAuto
Copy link
Author

@nvaccessAuto nvaccessAuto commented Mar 29, 2011

Comment 3 by jteh on 2011-03-29 08:56
Fixed in 0209c08.
Changes:
State: closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant