Using your example of something that asks for a password, what if you want to access your password safe to get that password?
Posted Dec 20, 2011 19:31 UTC (Tue) by alecs1 (guest, #46699)
I'm not insisting that all password requests should acquire total focus, but those that try to implement such a thing should be consistent and stable. I didn't do an analysis of what needs passwords and what not, but I think all system configuration triggered by GUI and which requires additional privileges should do this grab. The password safe should implement some extra security itself too.
Posted Dec 20, 2011 19:39 UTC (Tue) by nybble41 (subscriber, #55106)
Note that you're still vulnerable to impersonation attacks, since any other program can pretend to be the system dialog and capture your password that way. A reserved, unblockable shortcut key helps, but doesn't entirely eliminate the issue. To block this sort of attack you need some form of secure channel (like a dedicated LED) with which to indicate that the system dialog has successfully reserved the keyboard focus.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds