Public bug reported: Issue: plugging in an external drive encrypted with dm-crypt/luks pops up a password prompt but the window's focus is not locked to the password prompt (as it should be for proper security when entering a password).
In the current implementation, if the window's focus changes (by accident) or is changed purposely (via malware), the user could be entering his/her password into a focus-point that is not the password prompt. For proper implementation on how to do this see Gnome-Shell's implementation. In Gnome-Shell, the screen darkens putting all the focus onto the password prompt. The window's focus on the password prompt will not be released until the user clicks Cancel or enters a password. Please implement this properly in Unity so that Ubuntu users are better protected when entering their passwords for external drives. To recreate the problem, encrypt an external HDD with dmcrypt/luks. Plug the drive into Unity via USB and notice the password prompt that appears. Notice how the user is free to change what window has focus despite the fact that a password prompt window has been generated? With the password prompt showing on the left side of the screen, I can type content into another window (e.g., gedit) that appears on the right side of the screen. This should not be possible. And results in poor security for the user. ** Affects: unity (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1633602 Title: External drive password prompts allow the focus to be changed creating security issue To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1633602/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs