GNOME and focus stealing
Ted Gould
ted at gould.cx
Thu May 8 14:42:52 MST 2008
On Thu, 2008-05-08 at 13:59 -0700, der.hans wrote:
> Hmm, apparently not. Does X have to be restarted for gconf changes to take
> effect?
Not in general. GConf will signal the app to say that the value has
been changed. Now, the app has to be well written enough to listen :)
I'm sure metacity is.
> [0] Focus stealing should've not been an issue in the first place.
>
> [1] We shouldn't have to go to gconf-editor to turn on an important
> security feature.
The problem comes with things like password dialogs. When Evolution
prompts me for my PGP password it isn't actually the Evolution process
doing that, it's Seahorse. And that's the way I want it. But I do want
to be able to hit "Ctrl+Enter, ******, Enter" to send e-mail.
In reality, X allows for this focus stealing in numerous cases. One
would have to violate the X11 specification to disallow it. It's also
possible to put a full screen event mask in place to do key logging. If
you're running X, at some level you're putting trust in a bunch of
applications doing the right thing :)
You might be interested in the NSA's X security extensions. I don't
think that anyone's implemented them yet though.
--Ted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20080508/2cd1fadf/attachment.pgp
More information about the PLUG-discuss
mailing list