Having a key in gconf is nice, but it doesn't change the fact that
automatically giving focus to a new window (by default!) constitutes not
only a security issue (typing a passwd in the wrong window), but a
potential for data loss (typing "rm -rf *" in the wrong terminal). Maybe
I should file it under "security" so it gets some attention.

The security issue is very real and probably wouldn't be that hard to
exploit remotely. Consider Alice logging on to Bob's server with ssh.
Malicious user Mallory is already logged on the server and detects the
attempt (seeing sshd starting with ps) and automatically sends an IM
message to Alice ("Hi Alice, how are you?"). There is a non-zero
probability that Alice will not see the IM window open and accidently
type his/her password right into Mallory's IM window, giving away her
password.

-- 
New windows shouldn't steal focus
https://launchpad.net/bugs/51242

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to