Public bug reported:
When apport asks for the sudo passwords, other applications or dialogs
can steal focus. This is inacceptable because it leads to leaked
passwords. Moreover, it is inconvenient because the apport sudo dialog
contains possibly a part of the password and the other application the
other part, requiring to retype it.
observed behavior:
1. apport asks for sudo rights.
2. I start typing the password.
3. network manager has disconnected from wifi and asks for wifi password, with
the wifi password dialog getting focussed.
4. The remaining characters that I type go into the second application (network
manager) with the enter key causing an unintended action.
expected behavior:
When typing a password, no other application can be focussed automatically
(i.e. not by user action) until I have finished typing the password.
This can be implemented as:
- in all UI toolkits, if a password input field is focussed and the user is
currently typing (timeout after last keys stroke), the application locks focus.
- make sudo dialog system-modal, and the window manager does not allow anything
else being focussed by non-user action.
Ubuntu 16.04
apport-gtk 2.20.1-0ubuntu2.1
** Affects: apport (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
When apport asks for the sudo passwords, other applications or dialogs
can steal focus. This is inacceptable because it leads to leaked
passwords. Moreover, it is inconvenient because the apport sudo dialog
contains possibly a part of the password and the other application the
other part, requiring to retype it.
observed behavior:
1. apport asks for sudo rights.
2. I start typing the password.
3. network manager has disconnected from wifi and asks for wifi password,
with the wifi password dialog getting focussed.
4. The remaining characters that I type go into the second application
(network manager) with the enter key causing an unintended action.
expected behavior:
When typing a password, no other application can be focussed automatically
(i.e. not by user action) until I have finished typing the password.
This can be implemented as:
- in all UI toolkits, if a password input field is focussed and the user is
currently typing (timeout after last keys stroke), the application locks focus.
- make sudo dialog system-modal, and the window manager does not allow
anything else being focussed by non-user action.
+
+ Ubuntu 16.04
+ apport-gtk 2.20.1-0ubuntu2.1
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apport in Ubuntu.
https://bugs.launchpad.net/bugs/1633890
Title:
sudo password field allows other applications to steal focus
Status in apport package in Ubuntu:
New
Bug description:
When apport asks for the sudo passwords, other applications or dialogs
can steal focus. This is inacceptable because it leads to leaked
passwords. Moreover, it is inconvenient because the apport sudo dialog
contains possibly a part of the password and the other application the
other part, requiring to retype it.
observed behavior:
1. apport asks for sudo rights.
2. I start typing the password.
3. network manager has disconnected from wifi and asks for wifi password,
with the wifi password dialog getting focussed.
4. The remaining characters that I type go into the second application
(network manager) with the enter key causing an unintended action.
expected behavior:
When typing a password, no other application can be focussed automatically
(i.e. not by user action) until I have finished typing the password.
This can be implemented as:
- in all UI toolkits, if a password input field is focussed and the user is
currently typing (timeout after last keys stroke), the application locks focus.
- make sudo dialog system-modal, and the window manager does not allow
anything else being focussed by non-user action.
Ubuntu 16.04
apport-gtk 2.20.1-0ubuntu2.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1633890/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
