Public bug reported:
Issue: plugging in an external drive encrypted with dm-crypt/luks pops
up a password prompt but the window's focus is not locked to the
password prompt (as it should be for proper security when entering a
password).
In the current implementation, if the window's focus changes (by
accident) or is changed purposely (via malware), the user could be
entering his/her password into a focus-point that is not the password
prompt. For proper implementation on how to do this see Gnome-Shell's
implementation. In Gnome-Shell, the screen darkens putting all the focus
onto the password prompt. The window's focus on the password prompt will
not be released until the user clicks Cancel or enters a password.
Please implement this properly in Unity so that Ubuntu users are better
protected when entering their passwords for external drives.
To recreate the problem, encrypt an external HDD with dmcrypt/luks. Plug
the drive into Unity via USB and notice the password prompt that
appears. Notice how the user is free to change what window has focus
despite the fact that a password prompt window has been generated? With
the password prompt showing on the left side of the screen, I can type
content into another window (e.g., gedit) that appears on the right side
of the screen. This should not be possible. And results in poor security
for the user.
** Affects: unity (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1633602
Title:
External drive password prompts allow the focus to be changed creating
security issue
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1633602/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
