Ksshaskpass ?

Thomas Lübking thomas.luebking at gmail.com
Thu Dec 11 19:38:32 GMT 2014


On Donnerstag, 11. Dezember 2014 18:37:22 CEST, Jeremy Whiting wrote:
> Martin,
>
> Thanks for the review. I see what you mean, is there an example of doing
> that on X11

lineEdit->grabKeyboard();
if (QWidget::keyboardGrabber() != lineEdit) {
   // UNSECURE!!!
}

...
lineEdit->releaseKeyboard();

NOTICE:
a) to have grabbing work, the window must be mapped, ie. ensure there's a platform window, ie. ensure the eventloop is up and the window has been shown (binding this to activation changes as Martin suggested should however do implicitly)
b) this offers NO protection against reading the kernel events directly (ie. root access implies "game over" here as well, you're application does not have to be manipulated)
c) keyboard grabbing CAN BE BROKEN - a malicious script can break the grab (w/o killing the process) if that feature is enabled in the server. To harden the entire thing, you might want to periodically check (or on every keypress etc.) whether the grab is still intact (while that does only harden it: one can detect the grabbing client, break the grab and re-establish it eg. between keypresses)
d) as long as the keyboard is grabed, you're responsible to allow to leave that state - eg. the keyboard can no longer be used to deactivate the window (Alt+Tab won't work)

I probably should add this to the password mode in Qarma - I'll try to find the time tonight and send you a link for code inspection (to compare w/ your own achievements ;-)

Cheers,
Thomas




More information about the kde-core-devel mailing list