[Bug 276530] Re: gaskpass does not grab focus
dkg
dkg at fifthhorseman.net
Sat Nov 22 19:38:48 UTC 2008
I think this *is* a security risk. The danger is not only limited to
accidental absent-minded twittering: when the keyboard input is not
"grabbed", any application (malicious or not) can eavesdrop on the
keyboard input stream. This allows a trivial non-privileged userspace
keylogger running in the same Xsession to capture passwords gathered by
gaskpass.
It's not clear to me how your window manager affects the keyboard input
focus lock. Are you running a window manager that interferes with
keyboard grabbing? Can you explain more?
http://www.pint-stowp.net/software/x11-ssh-askpass/keyboard-
grabbing.html
See also XGrabKeyboard(3)
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list