Writing a keylogger for X Window is just a few lines of shell script, assuming `xinput` is installed. X Window system just was not designed for running complex graphical environments, I suppose, and security inside it is quite weak (it does not protect root sessions in xterm in any way although xterm was one of the first X programs). Yes, `gksu`/`kdesudo` alleviate the situation (protecting passwords from being grabbed), but that's not a solution.
E.g. it's easy to write a script that detects user's inactivity for some period and if a root session is here in the same X session, it just sends there any text. That's why I avoid sudo'ing in graphical environment and I always set 'targetpw' in /etc/sudoers to enable separate root account on Debian/Ubuntu.
Writing a keylogger for X Window is just a few lines of shell script, assuming `xinput` is installed. X Window system just was not designed for running complex graphical environments, I suppose, and security inside it is quite weak (it does not protect root sessions in xterm in any way although xterm was one of the first X programs). Yes, `gksu`/`kdesudo` alleviate the situation (protecting passwords from being grabbed), but that's not a solution.
E.g. it's easy to write a script that detects user's inactivity for some period and if a root session is here in the same X session, it just sends there any text. That's why I avoid sudo'ing in graphical environment and I always set 'targetpw' in /etc/sudoers to enable separate root account on Debian/Ubuntu.