[Bug 54741] Re: New windows stealing focus -- and passwords?
jmspeex
jean-marc.valin at usherbrooke.ca
Tue Aug 1 02:09:09 UTC 2006
So your argument is that if a vulnerability has been there for long
enough (or affects another OS), it's OK to leave it there? If a user
wants to be affected by that, it's his/her choice, but the sane behaviour
should be the default. Or, in the minimal case, applications that can be
"controlled" remotely (e.g. IM, web browser, IRC client) should *never*
grab focus by default. It's just asking for (remotely exploitable)
trouble.
As to whether it's a good idea to automatically give focus to a window
that was explicitly requested by the user, I guess it's debatable. I
personally think it's dangerous, especially when your machine is slow,
because you can open a terminal, not seeing it come up for several
seconds (I've seen minutes for a machine swapping heavily) and then go
back to another terminal. When the terminal you tried opening shows up,
it'll get whatever text you were typing at the moment. Technically, that
part wouldn't be a security issue because the worst you can do is
delete your home directory ("rm -rf" ending up in the wrong terminal
window) but nobody can remotely get you to do that.
BTW, I tried:
gconftool-2 --set /apps/metacity/general/focus_new_windows --type string strict
as suggested by another user and it didn't change anything. Any new window I open still grabs the focus.
--
New windows stealing focus -- and passwords?
https://launchpad.net/bugs/54741