https://bugzilla.xfce.org/show_bug.cgi?id=10581
--- Comment #4 from Steve Dodier-Lazaro <[email protected]> --- >From a security perspective, we should be able to guarantee that we take the user from the Xfce shutdown dialog where they clicked to the proper PolicyKit agent asking for their password, rather than just let any dialog come up and ask for passwords. This is rather hard if we don't control the PolicyKit agent in use. We can't do much about malware creating modal spoofs of the polkit agent (this is an impossible problem under X11) but can we at least wait until we know the agent is done spawning before releasing modality on the Xfce dialog? Question: does the Xfce shutdown dialog need to be re-displayed after a successful / failed interaction with the agent? Or do we consider that the agent is in charge of providing feedback on the outcome of the user clicking on "Hibernate"? Maybe it's better to just remove the dialog at this point. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Xfce-bugs mailing list [email protected] https://mail.xfce.org/mailman/listinfo/xfce-bugs
