[kde] [Bug 482973] New: Sudo dialog should not permit background typing

[Reuben]

https://bugs.kde.org/show_bug.cgi?id=482973

            Bug ID: 482973
           Summary: Sudo dialog should not permit background typing
    Classification: I don't know
           Product: kde
           Version: unspecified
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: unassigned-bugs at kde.org
          Reporter: kde at flavor8.com
  Target Milestone: ---

Created attachment 166790
  --> https://bugs.kde.org/attachment.cgi?id=166790&action=edit
demonstration

With focus follows mouse, it's quite possible to inadvertently type your
password somewhere that you didn't intend. This is particularly odious with
apps that (might) keep history, e.g. Discover. See attached video for
demonstration. I've done this probably half a dozen times with Discover in the
past two years, so this is not theoretical. Users who don't realize that some
applications write history to disk in plain text may not change their password
when this happens.

The sudo dialog should somehow protect against this. One possibility would be
to own the glass of the screen and prevent background typing (though, maybe
some users copy/paste passwords from password managers? - but this could be
accomodated for with a button to dismiss the sneezeguard, since it's an
exception to the general usage pattern). Another possibility would be to detect
loss of focus and react very prominently, e.g. by highlighting the sudo dialog.

-- 
You are receiving this mail because:
You are the assignee for the bug.