https://bugs.kde.org/show_bug.cgi?id=433485
Bug ID: 433485
Summary: GUI input isolation for passswords a la gksudo
Product: policykit-kde-agent-1
Version: 5.21.0
Platform: Other
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: general
Assignee: d...@kde.org
Reporter: ddascalescu+...@gmail.com
Target Milestone: ---
SUMMARY
Would it be possible, perhaps with Wayland, to isolate keyboard input when the
user types in the password, such that no other process can log keystrokes?
STEPS TO REPRODUCE
1. `xinput list`
2. `xinput test <id of the keyboard device>`
3. In a different terminal, `pkexec bash`
OBSERVED RESULT
Every keystroke typed in the password input of the PolicyKit1 KDE Agent dialog,
is logged by the `xinput test` command.
EXPECTED RESULT
Typing the password in the PolicyKit1 KDE Agent input box should not result in
keystrokes being logged.
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: KDE neon 5.21
ADDITIONAL INFORMATION
http://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html
--
You are receiving this mail because:
You are watching all bug changes.
