Re: X-windows security in Gnome

[Havoc Pennington <hp redhat com>]

Benjamin Kahn <xkahn ximian com> writes: 
> 	Of course, as Chris Lahey pointed out just the other day, one of the
> main points of this feature is to make sure the user REALLY IS typing
> their password into the application they think they are tying it into. 
> Another window can't just pop up, grab focus, and display what they are
> typing.

Sure, but windows aren't supposed to get focus while you're typing in
another app - they don't in Windows XP, for example. This is something
that's easy to fix correctly, and the correct fix ends up really
solving the problem for all users, not just theoretically solving it
if everyone bothers to choose the "secure keyboard" menu item before
and after they type something sensitive.

In any case, if you have the menu item for this reason, it definitely
should not be called "secure keyboard," since that name has created a
widespread misconception that it makes you immune to key snooping and
thus has probably encouraged insecure setups. I guess it should be
called "work around broken focus policy" ;-)

> 	And, as another side point, I had a sawfish and panel crash the other
> day when using GNOME 2.  All I could (easily) do was ask Nautilus to
> open a terminal which I couldn't type into since I couldn't ask it to
> grab the keyboard.

I have a problem with a menu item called "focus this window because my
window manager crashed" ;-)

I usually go to a virtual console and type "DISPLAY=:0 windowmanager"

But a more realistic solution for end users is this one:
 http://bugzilla.gnome.org/show_bug.cgi?id=75047

Combined with a generic session manager feature that protects you from
losing all the key programs from the session (desktop icons, panel,
WM). Users lose these from time to time, and generally don't know how
to get them back.

Havoc
_______________________________________________
gnome-hackers mailing list
gnome-hackers gnome org
http://mail.gnome.org/mailman/listinfo/gnome-hackers