Re: Modeless dialogs in the shell (design and implementation)
- From: Matthew Paul Thomas <mpt canonical com>
- To: gnome-shell-list gnome org
- Subject: Re: Modeless dialogs in the shell (design and implementation)
- Date: Tue, 28 Sep 2010 15:01:04 +0100
Ray Strode wrote on 28/09/10 02:12:
>...
> On Mon, Sep 27, 2010 at 3:44 PM, Milan Bouchet-Valat
> <nalimilan club fr> wrote:
>...
>> Now, the problem is that it's hard to associate a PolicyKit dialog to
>> a window. Maybe the API should be changed to pass the parent window to
>> the daemon and back to the authentication agent. Not sure there are
>> other solutions.
Canonical contributed exactly this solution.
<http://bugzilla-attachments.gnome.org/attachment.cgi?id=143961>
> This is discussed somewhat on the SystemDialogs page:
>
> For example, a user shouldn't be able to sideline a system password
> dialog, because entering the password is a very important task that
> the user should be acutely conscious of. We don't want to desensitize
> the user from the risks of giving their password to anything that asks
> for it. In this vein, system password dialogs should look distinct, so
> that when a non-system dialog asks for the password the user questions
> whether or not to proceed.
Making the dialog system-modal would be one way of achieving that, but
there are less rude ways. One suggested by the Ubuntu security team,
which I think is a great idea, is to display the user's account icon in
the password dialog. It would still suffer from the Simon-says problem
(relying on you to notice the *absence* of something), but so would
making it system-modal or pretty much any other visual solution.
The main challenge then would be discouraging people from using the same
picture for their user account icon (which a malware page couldn't know)
as they do for their Facebook/Twitter profile (which it might).
> and there's a bug report about it here:
>
> https://bugzilla.gnome.org/show_bug.cgi?id=596260
>
> I'm not sure the malware argument is that strong. I mean if you've
> got malware installed, it can just snoop your password as you type it
> into a real, valid password dialog. Figuring out a proper solution
> for that is the "trusted path" problem, which is just not something
> that anyone is trying to solve yet.
>...
Right. The attack worth defending from here is imitation password
dialogs in Web pages. If you've got a malware executable running on your
computer, you've already lost.
--
Matthew Paul Thomas
http://mpt.net.nz/