I just ran the xinput POC and here's my result:
Code:
jk@mehitabel:~$ xinput test 8
key release 36
key press 46
lkey release 46
key press 39
skey release 39
key press 37
key press 54
^C
The "8" was the ID of my keyboard; the 36 was release of the Enter key at the end of the "xinput" command. My typed input was "ls" and there's no obvious correlation to keys 45 and 39, although I suppose if the hypothetical intruder also had my keycode translation table he could figure it out. I'm not certain what the 37 refers to; I hit ctrl-C to interrupt the program so presumably the 37 and 54 are those two keys.
Bottom line:
if the intruder has gained access by some other vulnerability,
and knows my keycode translation (e.g. if I were using dvorak or some non-standard keyboard), then it's possible. However the risk is, IMO, vanishingly small.
Edit: just noticed that the key correlation is shown in the first character of each "release" line, for the two typed letter keys, so xinput does use the translation table. However it's still a vanishingly small risk IMO...
Bookmarks