Logging level in secure mode #1435

Closed
nvaccessAuto opened this Issue Mar 28, 2011 · 3 comments

1 participant

@nvaccessAuto

Reported by tspivey on 2011-03-28 02:52
In secure mode, the logging level can be adjusted. This makes it possible to log
all keystrokes typed to the nvda.log file for that session.

The usefulness of this as an attack technique is questionable because the log file is only
readable by administrators, but the log is still being
written to disk, and could easily be read by a rescue system.

Would it be a large issue if logging was disabled in secure mode? If something
needed to be debugged on the secure desktop, the serviceDebug registry key could be set to disable secure mode.

@nvaccessAuto

Comment 1 by jteh on 2011-03-28 02:57
Changes:
Milestone changed from None to 2011.2

@nvaccessAuto

Comment 2 by jteh on 2011-03-28 07:20
Changes:
Milestone changed from 2011.2 to 2011.1.1

@nvaccessAuto

Comment 3 by jteh on 2011-03-29 08:56
Fixed in 0209c08.
Changes:
State: closed

@nvaccessAuto nvaccessAuto added this to the 2011.1.1 milestone Nov 10, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment