Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Logging level in secure mode #1435

Closed
nvaccessAuto opened this issue Mar 28, 2011 · 3 comments

Comments

Projects
None yet
1 participant
@nvaccessAuto
Copy link

commented Mar 28, 2011

Reported by tspivey on 2011-03-28 02:52
In secure mode, the logging level can be adjusted. This makes it possible to log
all keystrokes typed to the nvda.log file for that session.

The usefulness of this as an attack technique is questionable because the log file is only
readable by administrators, but the log is still being
written to disk, and could easily be read by a rescue system.

Would it be a large issue if logging was disabled in secure mode? If something
needed to be debugged on the secure desktop, the serviceDebug registry key could be set to disable secure mode.

@nvaccessAuto

This comment has been minimized.

Copy link
Author

commented Mar 28, 2011

Comment 1 by jteh on 2011-03-28 02:57
Changes:
Milestone changed from None to 2011.2

@nvaccessAuto

This comment has been minimized.

Copy link
Author

commented Mar 28, 2011

Comment 2 by jteh on 2011-03-28 07:20
Changes:
Milestone changed from 2011.2 to 2011.1.1

@nvaccessAuto

This comment has been minimized.

Copy link
Author

commented Mar 29, 2011

Comment 3 by jteh on 2011-03-29 08:56
Fixed in 0209c08.
Changes:
State: closed

@nvaccessAuto nvaccessAuto added this to the 2011.1.1 milestone Nov 10, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.