https://bugs.kde.org/show_bug.cgi?id=482973
Bug ID: 482973
Summary: Sudo dialog should not permit background typing
Classification: I don't know
Product: kde
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: unassigned-b...@kde.org
Reporter: k...@flavor8.com
Target Milestone: ---
Created attachment 166790
--> https://bugs.kde.org/attachment.cgi?id=166790&action=edit
demonstration
With focus follows mouse, it's quite possible to inadvertently type your
password somewhere that you didn't intend. This is particularly odious with
apps that (might) keep history, e.g. Discover. See attached video for
demonstration. I've done this probably half a dozen times with Discover in the
past two years, so this is not theoretical. Users who don't realize that some
applications write history to disk in plain text may not change their password
when this happens.
The sudo dialog should somehow protect against this. One possibility would be
to own the glass of the screen and prevent background typing (though, maybe
some users copy/paste passwords from password managers? - but this could be
accomodated for with a button to dismiss the sneezeguard, since it's an
exception to the general usage pattern). Another possibility would be to detect
loss of focus and react very prominently, e.g. by highlighting the sudo dialog.
--
You are receiving this mail because:
You are watching all bug changes.
