[Bug 276530] Re: gaskpass does not grab focus
This bug was fixed in the package gstm - 1.2-7 --- gstm (1.2-7) unstable; urgency=low * Remove gaskpass. gaskpass is just another ssh askpass program, and doesn't do anything special. It does not grab focus, which means that key loggers can listen in on what you type, aiui. Seeing as how it is just reinventing the wheel, I see no reason to keep it around. (Fixes LP: #276530, #276517, #276525, #276529, #276534) * Do not explicitly set the ssh timeout, as that causes problems on slow networks. (Fixes LP: #293240) -- Ubuntu Archive Auto-Sync [EMAIL PROTECTED] Mon, 24 Nov 2008 09:48:55 + ** Changed in: gstm (Ubuntu) Status: In Progress = Fix Released -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 276530] Re: gaskpass does not grab focus
I do not currently have a window manager that will let me try to reproduce this bug, but once I can I will fix it. It's not really a security risk, though. If a user is not paying enough attention to notice they are twittering their passphrase, then that's their own fault. Nevertheless, this is still probably an annoyance and should be fixed. Thanks for the bug report, Ryan ** Changed in: gstm (Ubuntu) Assignee: (unassigned) = Ryan Niebur (ryan52) -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 276530] Re: gaskpass does not grab focus
** Changed in: gstm (Ubuntu) Importance: Undecided = Low -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 276530] Re: gaskpass does not grab focus
I think this *is* a security risk. The danger is not only limited to accidental absent-minded twittering: when the keyboard input is not grabbed, any application (malicious or not) can eavesdrop on the keyboard input stream. This allows a trivial non-privileged userspace keylogger running in the same Xsession to capture passwords gathered by gaskpass. It's not clear to me how your window manager affects the keyboard input focus lock. Are you running a window manager that interferes with keyboard grabbing? Can you explain more? http://www.pint-stowp.net/software/x11-ssh-askpass/keyboard- grabbing.html See also XGrabKeyboard(3) -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 276530] Re: gaskpass does not grab focus
okay, sorry, the mention of twittering the password confused me. I now understand, and, even though this is also easy to fix, I will just remove gaskpass. Thanks, Ryan -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 276530] Re: gaskpass does not grab focus
** Changed in: gstm (Ubuntu) Importance: Low = Medium Status: New = Triaged -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 276530] Re: gaskpass does not grab focus
** Changed in: gstm (Ubuntu) Status: Triaged = In Progress -- gaskpass does not grab focus https://bugs.launchpad.net/bugs/276530 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
