On Thursday, 11 December 2014 18:37:22 CEST, Jeremy Whiting wrote:
Martin,

Thanks for the review. I see what you mean, is there an example of doing
that on X11

lineEdit->grabKeyboard();
if (QWidget::keyboardGrabber() != lineEdit) {
  // UNSECURE!!!
}

...
lineEdit->releaseKeyboard();

NOTICE:
a) to have grabbing work, the window must be mapped, i.e. ensure there's a 
platform window, i.e. ensure the eventloop is up and the window has been shown 
(binding this to activation changes as Martin suggested should however do 
so implicitly)
b) this offers NO protection against reading the kernel events directly (i.e. 
root access implies "game over" here as well, your application does not have 
to be manipulated)
c) keyboard grabbing CAN BE BROKEN - a malicious script can break the grab (w/o 
killing the process) if that feature is enabled in the server. To harden the 
entire thing, you might want to periodically check (or on every keypress etc.) 
whether the grab is still intact (while that does only harden it: one can 
detect the grabbing client, break the grab and re-establish it e.g. between 
keypresses)
d) as long as the keyboard is grabbed, you're responsible for providing a way 
to leave that state - e.g. the keyboard can no longer be used to deactivate the 
window (Alt+Tab won't work)

I probably should add this to the password mode in Qarma - I'll try to find the 
time tonight and send you a link for code inspection (to compare w/ your own 
achievements ;-)

Cheers,
Thomas
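
The grab/verify/re-check/release cycle from notes (a), (c) and (d) above, as an added example that is not part of the original mail or of Qarma. GrabGuard, FakeWidget and the "refuse the key and discard the buffer" policy are hypothetical, and like the mail it assumes keyboardGrabber() reflects whether the grab is actually held.

```cpp
#include <iostream>
#include <string>
// Constructed stand-in for QWidget so this runs without Qt or an X server. With Qt, use
// GrabGuard<QWidget> on the QLineEdit; the three calls below are the ones from the mail.
struct FakeWidget {
    static FakeWidget *grabber;   // current grab holder
    bool mapped = false;          // note (a): a grab needs a shown window
    void grabKeyboard() { if (mapped) grabber = this; }
    void releaseKeyboard() { if (grabber == this) grabber = nullptr; }
    static FakeWidget *keyboardGrabber() { return grabber; }
};
FakeWidget *FakeWidget::grabber = nullptr;

template <typename W>
class GrabGuard {
public:
    explicit GrabGuard(W *w) : w_(w) {}
    ~GrabGuard() { leave(); }
    // Call after the window is shown; false means the grab was not obtained.
    bool enter() {
        w_->grabKeyboard();
        return active_ = (W::keyboardGrabber() == w_);
    }
    // Note (d): the caller must wire this to a way out (Escape, focus loss).
    void leave() { if (active_) w_->releaseKeyboard(); active_ = false; }
    // Note (c): re-check on every keypress. Policy assumed here: if the grab
    // is gone, refuse the key and discard what was typed so far.
    bool acceptKey(char c, std::string &secret) {
        if (!active_ || W::keyboardGrabber() != w_) {
            secret.clear();
            leave();
            return false;
        }
        secret.push_back(c);
        return true;
    }
private:
    W *w_;
    bool active_ = false;
};

int main() {
    FakeWidget edit;
    GrabGuard<FakeWidget> guard(&edit);
    std::cout << "grab before show: " << guard.enter() << "\n";
    edit.mapped = true;
    std::cout << "grab after show: " << guard.enter() << "\n";
}
```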
