Re: Modeless dialogs in the shell (design and implementation)


On Mon, Sep 27, 2010 at 3:44 PM, Milan Bouchet-Valat <nalimilan club fr> wrote:
> Regarding PolicyKit authentication dialogs at least, I also believe it
> would be better to make them modal only for the application they
> correspond to. See how Windows Vista's UAC authentication thing is
> perceived as disruptive by users (it locks the whole desktop with a dim
> effect). In Ubuntu we had gksu, which also locked the whole desktop, and
> the move to PolicyKit made authentication much smoother IMHO.
> There's no need to prevent the user from switching to another application
> when authenticating. Rather, it gives a false sense of security to
> users: since any application is able to run such a system-modal dialog,
> a malware could have the exact same look and people will tend to trust
> them.
> Now, the problem is that it's hard to associate a PolicyKit dialog to a
> window. Maybe the API should be changed to pass the parent window to the
> daemon and back to the authentication agent. Not sure there are other
> solutions.

This is discussed somewhat on the SystemDialogs page:

For example, a user shouldn't be able to sideline a system password
dialog, because entering the password is a very important task that
the user should be acutely conscious of. We don't want to desensitize
the user from the risks of giving their password to anything that asks
for it. In this vein, system password dialogs should look distinct, so
that when a non-system dialog asks for the password the user questions
whether or not to proceed.

and there's a bug report about it here:

I'm not sure the malware argument is that strong.  I mean if you've
got malware installed, it can just snoop your password as you type it
into a real, valid password dialog.  Figuring out a proper solution
for that is the "trusted path" problem, which is just not something
that anyone is trying to solve yet.

