From kde-devel Fri Dec 12 06:37:18 2014 From: Martin =?ISO-8859-1?Q?Gr=E4=DFlin?= Date: Fri, 12 Dec 2014 06:37:18 +0000 To: kde-devel Subject: Re: Re: Re: Ksshaskpass ? Message-Id: <2790551.izGlnOhDQA () martin-desktop> X-MARC-Message: https://marc.info/?l=kde-devel&m=141836633211432 MIME-Version: 1 Content-Type: multipart/mixed; boundary="--===============8820847731508083336==" --===============8820847731508083336== Content-Type: multipart/signed; boundary="nextPart2367920.MuC3rX85EJ"; micalg="pgp-sha1"; protocol="application/pgp-signature" --nextPart2367920.MuC3rX85EJ Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" On Thursday 11 December 2014 10:37:22 Jeremy Whiting wrote: > Martin, >=20 > Thanks for the review. I see what you mean, is there an example of do= ing > that on X11, also does that make it so ksshaskpass (or kpassworddialo= g) > won't work on wayland? Concerning Wayland: on this windowing system doesn't allow clients to r= ead key=20 events for other clients (of course root can still just listen to the d= evice=20 files). This implies that one cannot grab the keyboard any more. Given that I would suggest to do the hardening only on X11, by either u= sing=20 QX11Info::isPlatformX11() or comparing the platformName to xcb. > At any rate if you can point me to another example > that does this I'll put a patch for KPasswordDialog on reviewboard (u= nless > someone else beats me to it). I think Thomas already explained the steps quite good. Cheers Martin >=20 > thanks, > Jeremy >=20 > On Thu, Dec 11, 2014 at 8:43 AM, Martin Gr=C3=A4=C3=9Flin wrote: > > On Thursday 11 December 2014 08:33:48 Jeremy Whiting wrote: > > > ksshaskspass has been in kdereview and has been improved since it= got > > > there. Is it ready to be moved to kde/workspace ? > >=20 > > Sorry for being late for the review. I just cloned the repo and did= a > > quick > > look for a common problem on X11: the dialog doesn't grab keyboard = input. > >=20 > > When a window asks for a password it should make sure that no other= X > > client > > intercepts the input. On X11 every other client is able to get to t= he key > > events. Thus the dialog should: > > * grab the keyboard when it gets keyboard focus (is active) > > * disable entering the password if it failed to grab keyboard and p= rint a > > useful message > > * release the grab keyboard once it lost focus (e.g. user wants to = switch > > to > > browser to check why that wants a password) > >=20 > > While writing that I realized that this is not at all the fault of > > ksshaskspass but rather of KPasswordDialog which should implement t= hose > > checks. So I wouldn't say it's a blocking issue for a move, though = I would > > prefer to not get new applications into kde/workspace which aren't = secure > > against the key logging attacks on X11. > >=20 > > Cheers > > Martin > >=20 > > > On Wed, Nov 5, 2014 at 12:50 PM, David Faure wrot= e: > > > > [cutting down on the massive cross-posting] > > > >=20 > > > > On Monday 03 November 2014 14:13:50 Jeremy Whiting wrote: > > > > > ksshaskpass has no more krazy issues and has been moved to > > > > > kdereview. > > > > > I think it's final resting place should be kde/workspace but = I'm > > > > > open > > > > > to other ideas. It is usable on other platforms besides plasm= a, but > >=20 > > it > >=20 > > > > > saves passwords in kwallet, so may make the most sense there.= > > > >=20 > > > > Yep, sounds like a workspace component to me. It doesn't make s= ense > >=20 > > when > >=20 > > > > using > > > > a single KDE app in e.g. gnome, which surely has another GUI fo= r > >=20 > > ssh-add. > >=20 > > > > -- > > > > David Faure, faure@kde.org, http://www.davidfaure.fr > > > > Working on KDE Frameworks 5 --nextPart2367920.MuC3rX85EJ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEABECAAYFAlSKjSYACgkQqVXwidMiVroVbACgjor8X9RQIlZ/Hc7hbYqMlHeq baoAoIMR0tW6e0CX6IcgXXVPAmFMAjyZ =IsbC -----END PGP SIGNATURE----- --nextPart2367920.MuC3rX85EJ-- --===============8820847731508083336== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline >> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe << --===============8820847731508083336==--