Re: Modeless dialogs in the shell (design and implementation)

Hash: SHA1

Ray Strode wrote on 28/09/10 02:12:
> On Mon, Sep 27, 2010 at 3:44 PM, Milan Bouchet-Valat
> <nalimilan club fr> wrote:
>> Now, the problem is that it's hard to associate a PolicyKit dialog to
>> a window. Maybe the API should be changed to pass the parent window to
>> the daemon and back to the authentication agent. Not sure there are
>> other solutions.

Canonical contributed exactly this solution.

> This is discussed somewhat on the SystemDialogs page:
> For example, a user shouldn't be able to sideline a system password
> dialog, because entering the password is a very important task that
> the user should be acutely conscious of. We don't want to desensitize
> the user from the risks of giving their password to anything that asks
> for it. In this vein, system password dialogs should look distinct, so
> that when a non-system dialog asks for the password the user questions
> whether or not to proceed.

Making the dialog system-modal would be one way of achieving that, but
there are less rude ways. One suggested by the Ubuntu security team,
which I think is a great idea, is to display the user's account icon in
the password dialog. It would still suffer from the Simon-says problem
(relying on you to notice the *absence* of something), but so would
making it system-modal or pretty much any other visual solution.

The main challenge then would be discouraging people from using the same
picture for their user account icon (which a malware page couldn't know)
as they do for their Facebook/Twitter profile (which it might).

> and there's a bug report about it here:
> I'm not sure the malware argument is that strong.  I mean if you've
> got malware installed, it can just snoop your password as you type it
> into a real, valid password dialog.  Figuring out a proper solution
> for that is the "trusted path" problem, which is just not something
> that anyone is trying to solve yet.

Right. The attack worth defending from here is imitation password
dialogs in Web pages. If you've got a malware executable running on your
computer, you've already lost.

- -- 
Matthew Paul Thomas
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]