I found this which may be another way to log keystrokes. It looks at /proc/pid/sched and is supposed to be able to spy on keystrokes.
It only says gksu but should work for any program. I haven’t tested this yet.
We very partially mitigate this due to mounting /proc with
hidepid=2 but this will only prevent the script from spying on other users’ programs.
A way to mostly mitigate this would be to run every program in its own PID namespace or as its own user so it can only see its own processes.