[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Re: Re: Ksshaskpass ?
From: Jeremy Whiting <jpwhiting () kde ! org>
Date: 2014-12-11 17:37:22
Message-ID: CADWV2K7zCt5c1BeT5F7=u-N9B4_0wrOBHy7v1oOyZc2LCTAfmA () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Martin,
Thanks for the review. I see what you mean, is there an example of doing
that on X11, also does that make it so ksshaskpass (or kpassworddialog)
won't work on wayland? At any rate if you can point me to another example
that does this I'll put a patch for KPasswordDialog on reviewboard (unless
someone else beats me to it).
thanks,
Jeremy
On Thu, Dec 11, 2014 at 8:43 AM, Martin Gr=C3=A4=C3=9Flin <mgraesslin@kde.o=
rg> wrote:
> On Thursday 11 December 2014 08:33:48 Jeremy Whiting wrote:
> > ksshaskspass has been in kdereview and has been improved since it got
> > there. Is it ready to be moved to kde/workspace ?
>
> Sorry for being late for the review. I just cloned the repo and did a qui=
ck
> look for a common problem on X11: the dialog doesn't grab keyboard input.
>
> When a window asks for a password it should make sure that no other X
> client
> intercepts the input. On X11 every other client is able to get to the key
> events. Thus the dialog should:
> * grab the keyboard when it gets keyboard focus (is active)
> * disable entering the password if it failed to grab keyboard and print a
> useful message
> * release the grab keyboard once it lost focus (e.g. user wants to switch
> to
> browser to check why that wants a password)
>
> While writing that I realized that this is not at all the fault of
> ksshaskspass but rather of KPasswordDialog which should implement those
> checks. So I wouldn't say it's a blocking issue for a move, though I woul=
d
> prefer to not get new applications into kde/workspace which aren't secure
> against the key logging attacks on X11.
>
> Cheers
> Martin
>
> >
> > On Wed, Nov 5, 2014 at 12:50 PM, David Faure <faure@kde.org> wrote:
> > > [cutting down on the massive cross-posting]
> > >
> > > On Monday 03 November 2014 14:13:50 Jeremy Whiting wrote:
> > > > ksshaskpass has no more krazy issues and has been moved to kderevie=
w.
> > > > I think it's final resting place should be kde/workspace but I'm op=
en
> > > > to other ideas. It is usable on other platforms besides plasma, but
> it
> > > > saves passwords in kwallet, so may make the most sense there.
> > >
> > > Yep, sounds like a workspace component to me. It doesn't make sense
> when
> > > using
> > > a single KDE app in e.g. gnome, which surely has another GUI for
> ssh-add.
> > >
> > > --
> > > David Faure, faure@kde.org, http://www.davidfaure.fr
> > > Working on KDE Frameworks 5
>
[Attachment #5 (text/html)]
<div dir="ltr">Martin,<div><br></div><div>Thanks for the review. I see what you mean, is there an example \
of doing that on X11, also does that make it so ksshaskpass (or kpassworddialog) won't work on \
wayland? At any rate if you can point me to another example that does this I'll put a patch for \
KPasswordDialog on reviewboard (unless someone else beats me to \
it).</div><div><br></div><div>thanks,</div><div>Jeremy</div></div><div class="gmail_extra"><br><div \
class="gmail_quote">On Thu, Dec 11, 2014 at 8:43 AM, Martin Gräßlin <span dir="ltr"><<a \
href="mailto:mgraesslin@kde.org" target="_blank">mgraesslin@kde.org</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span \
class="">On Thursday 11 December 2014 08:33:48 Jeremy Whiting wrote:<br> > ksshaskspass has been in \
kdereview and has been improved since it got<br> > there. Is it ready to be moved to kde/workspace \
?<br> <br>
</span>Sorry for being late for the review. I just cloned the repo and did a quick<br>
look for a common problem on X11: the dialog doesn't grab keyboard input.<br>
<br>
When a window asks for a password it should make sure that no other X client<br>
intercepts the input. On X11 every other client is able to get to the key<br>
events. Thus the dialog should:<br>
* grab the keyboard when it gets keyboard focus (is active)<br>
* disable entering the password if it failed to grab keyboard and print a<br>
useful message<br>
* release the grab keyboard once it lost focus (e.g. user wants to switch to<br>
browser to check why that wants a password)<br>
<br>
While writing that I realized that this is not at all the fault of<br>
ksshaskspass but rather of KPasswordDialog which should implement those<br>
checks. So I wouldn't say it's a blocking issue for a move, though I would<br>
prefer to not get new applications into kde/workspace which aren't secure<br>
against the key logging attacks on X11.<br>
<br>
Cheers<br>
<span class="HOEnZb"><font color="#888888">Martin<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
><br>
> On Wed, Nov 5, 2014 at 12:50 PM, David Faure <<a \
href="mailto:faure@kde.org">faure@kde.org</a>> wrote:<br> > > [cutting down on the massive \
cross-posting]<br> > ><br>
> > On Monday 03 November 2014 14:13:50 Jeremy Whiting wrote:<br>
> > > ksshaskpass has no more krazy issues and has been moved to kdereview.<br>
> > > I think it's final resting place should be kde/workspace but I'm open<br>
> > > to other ideas. It is usable on other platforms besides plasma, but it<br>
> > > saves passwords in kwallet, so may make the most sense there.<br>
> ><br>
> > Yep, sounds like a workspace component to me. It doesn't make sense when<br>
> > using<br>
> > a single KDE app in e.g. gnome, which surely has another GUI for ssh-add.<br>
> ><br>
> > --<br>
> > David Faure, <a href="mailto:faure@kde.org">faure@kde.org</a>, <a \
href="http://www.davidfaure.fr" target="_blank">http://www.davidfaure.fr</a><br> > > Working on KDE \
Frameworks 5<br> </div></div></blockquote></div><br></div>
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic