
List:       kwin
Subject:    [Bug 187718] Focus screwed up after closing emacsclient window (with
From:       Thomas Lübking  <thomas.luebking () web ! de>
Date:       2010-06-02 15:20:23
Message-ID: 20100602152023.ADEB743543 () immanuel ! kde ! org

https://bugs.kde.org/show_bug.cgi?id=187718





--- Comment #8 from Thomas Lübking <thomas luebking web de>  2010-06-02 17:20:18 ---
(In reply to comment #7)
> Yes, I noticed that. Is this by intent
yes (it's the "extreme" way to handle things)

> I get the impression that this changes every time that I bring up a new element
> to the discussion. 
that impression is wrong.

> Maybe the easiest would be to enumerate the (common) ways
> how an application could force focus, and say for each of these ways:
there's _one_ way to activate a client bypassing all WM checks. That is to
claim being a WM tool (e.g. pager) and send a client message to the server.
(check KWindowSystem::forceActiveWindow() for an implementation)
Every client can send such a message and the WM cannot reliably check which
client emitted it or even match its command line against some whitelist.
(technically. aside, whitelisting is no good idea anyway. we had this.)

I hope, this was clear enough.

> 1. If a high focus protection level doesn't interfere with WM tools, why did
> you bring up WM tools in the first place? ( in bug #240332, comment 9 )
I did not bring up WM tools but the fact that a client can forcefully take
focus.
the -other- bug report could be triggered by such invalid focus action, esp.
after your claim in comment 8 about emacs doing so. (we should btw. really
cross discuss other bugs.)

> 2. If on the other hand the WM cannot tell which request came from a WM tool,
> and which one came from an app, couldn't a malicious or careless app also use
> the same APIs that WMs use and that still "work" on high focus protection
> levels?
Yes. That's why you said "malicious" and "careless".

>  And how likely is it that a careless or clueless app would do this
> accidentally (we're speaking about respectable mail programs and editors here
> after all, not about bonzai-buddy-like trojans...)?
As likely as passing the wrong parameter to a ClientMessage event.

> ... and is there any mechanism in place (or even possible) to make sure that
No and no. Who and how should decide what's a valid WM tool?

Please don't start trolling about security regarding this.
If there's malicious SW on your system you're screwed. Period.
A keylogger (other bug, comment 4) would certainly not take focus (the user
would notice that there's sth. wrong) but just register itself to the keyevent
listeners for all clients.
Also there's no way to detect the intentions of such a monitoring client.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
_______________________________________________
kwin mailing list
kwin@kde.org
https://mail.kde.org/mailman/listinfo/kwin
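
The point made in comment #8, shown from the window manager's side as an added example (not part of the original message and not KWin code): the "I am a pager/tool" claim in an EWMH `_NET_ACTIVE_WINDOW` client message is a field the sender fills in, and the event carries no sender identity. The atom id, window id, timestamps and the `wm_decision` policy are constructed, simplified assumptions; little-endian byte order is assumed.

```python
import struct

CLIENT_MESSAGE = 33        # X11 core event code for ClientMessage
SENT_BY_CLIENT = 0x80      # bit set on every event delivered via SendEvent
NET_ACTIVE_WINDOW = 0x15F  # constructed atom id; real ids are interned per server
SOURCE = {0: "unspecified", 1: "application", 2: "pager/tool"}
WIRE = "<BBHIIIII8x"       # code, format, seq, window, type, data.l[0..2], padding

def build(source, window=0x3A00007, timestamp=1000):
    """Construct sample wire bytes for an activation request (test data only)."""
    return struct.pack(WIRE, CLIENT_MESSAGE | SENT_BY_CLIENT, 32, 0,
                       window, NET_ACTIVE_WINDOW, source, timestamp, 0)

def parse_active_window_request(raw):
    """Decode a 32-byte ClientMessage carrying _NET_ACTIVE_WINDOW."""
    code, fmt, _seq, window, msg_type, source, timestamp, _active = \
        struct.unpack(WIRE, raw)
    if (code & 0x7F) != CLIENT_MESSAGE or fmt != 32 or msg_type != NET_ACTIVE_WINDOW:
        raise ValueError("not a _NET_ACTIVE_WINDOW client message")
    # Note what is absent: nothing here names the client that sent the event.
    return {"window": window,
            "source": SOURCE.get(source, "unknown"),  # self-declared by the sender
            "timestamp": timestamp,
            "synthetic": bool(code & SENT_BY_CLIENT)}

def wm_decision(req, last_user_time):
    """Hypothetical, simplified focus policy; ignores timestamp wraparound."""
    if req["source"] == "pager/tool":
        return "activate"              # tools are exempt from focus protection
    if req["timestamp"] >= last_user_time:
        return "activate"              # request is newer than last user activity
    return "demand-attention"          # focus stealing prevention applies

if __name__ == "__main__":
    for declared in (1, 2):
        req = parse_active_window_request(build(declared))
        print(req["source"], "->", wm_decision(req, last_user_time=5000))
```

Both sample events arrive with the synthetic bit set, because every such request is delivered via SendEvent, so that bit cannot separate a real pager from any other client.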
