This bug was fixed in the package gstm - 1.2-7
---
gstm (1.2-7) unstable; urgency=low
* Remove gaskpass. gaskpass is just another ssh askpass program, and
doesn't do anything special. It does not grab focus, which means
that key loggers can listen in on what you type, aiui.
I do not currently have a window manager that will let me try to reproduce this
bug, but once I can I will fix it.
It's not really a security risk, though. If a user is not paying enough
attention to notice they are twittering their passphrase, then that's their own
fault. Nevertheless, this is
** Changed in: gstm (Ubuntu)
Importance: Undecided = Low
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
I think this *is* a security risk. The danger is not only limited to
accidental absent-minded twittering: when the keyboard input is not
grabbed, any application (malicious or not) can eavesdrop on the
keyboard input stream. This allows a trivial non-privileged userspace
keylogger running in the
okay, sorry, the mention of twittering the password confused me. I now
understand, and, even though this is also easy to fix, I will just
remove gaskpass.
Thanks,
Ryan
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a
** Changed in: gstm (Ubuntu)
Importance: Low = Medium
Status: New = Triaged
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
** Changed in: gstm (Ubuntu)
Status: Triaged = In Progress
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list