'Re: Re: Ksshaskpass ?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Re: Ksshaskpass ?
From:       Martin =?ISO-8859-1?Q?Gr=E4=DFlin?= <mgraesslin () kde ! org>
Date:       2014-12-11 15:43:57
Message-ID: 1634221.qUmITE2k0k () martin-desktop
[Download RAW message or body]


On Thursday 11 December 2014 08:33:48 Jeremy Whiting wrote:
> ksshaskspass has been in kdereview and has been improved since it got
> there. Is it ready to be moved to kde/workspace ?

Sorry for being late for the review. I just cloned the repo and did a quick 
look for a common problem on X11: the dialog doesn't grab keyboard input.

When a window asks for a password it should make sure that no other X client 
intercepts the input. On X11 every other client is able to get to the key 
events. Thus the dialog should:
* grab the keyboard when it gets keyboard focus (is active)
* disable entering the password if it failed to grab keyboard and print a 
useful message
* release the grab keyboard once it lost focus (e.g. user wants to switch to 
browser to check why that wants a password)

While writing that I realized that this is not at all the fault of 
ksshaskspass but rather of KPasswordDialog which should implement those 
checks. So I wouldn't say it's a blocking issue for a move, though I would 
prefer to not get new applications into kde/workspace which aren't secure 
against the key logging attacks on X11.

Cheers
Martin

> 
> On Wed, Nov 5, 2014 at 12:50 PM, David Faure <faure@kde.org> wrote:
> > [cutting down on the massive cross-posting]
> > 
> > On Monday 03 November 2014 14:13:50 Jeremy Whiting wrote:
> > > ksshaskpass has no more krazy issues and has been moved to kdereview.
> > > I think it's final resting place should be kde/workspace but I'm open
> > > to other ideas. It is usable on other platforms besides plasma, but it
> > > saves passwords in kwallet, so may make the most sense there.
> > 
> > Yep, sounds like a workspace component to me. It doesn't make sense when
> > using
> > a single KDE app in e.g. gnome, which surely has another GUI for ssh-add.
> > 
> > --
> > David Faure, faure@kde.org, http://www.davidfaure.fr
> > Working on KDE Frameworks 5

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic