This bug was fixed in the package gstm - 1.2-7
---
gstm (1.2-7) unstable; urgency=low
* Remove gaskpass. gaskpass is just another ssh askpass program, and
doesn't do anything special. It does not grab focus, which means
that key loggers can listen in on what you type, aiui.
** Changed in: gstm (Ubuntu)
Status: Triaged => In Progress
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubun
** Changed in: gstm (Ubuntu)
Importance: Low => Medium
Status: New => Triaged
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
u
okay, sorry, the mention of twittering the password confused me. I now
understand, and, even though this is also easy to fix, I will just
remove gaskpass.
Thanks,
Ryan
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a memb
I think this *is* a security risk. The danger is not only limited to
accidental absent-minded twittering: when the keyboard input is not
"grabbed", any application (malicious or not) can eavesdrop on the
keyboard input stream. This allows a trivial non-privileged userspace
keylogger running in th
** Changed in: gstm (Ubuntu)
Importance: Undecided => Low
--
gaskpass does not grab focus
https://bugs.launchpad.net/bugs/276530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
I do not currently have a window manager that will let me try to reproduce this
bug, but once I can I will fix it.
It's not really a "security" risk, though. If a user is not paying enough
attention to notice they are twittering their passphrase, then that's their own
fault. Nevertheless, this i
