Can KWin prevent windows from raising themselves from their v.desktop to the current v.desktop?
1i5t5.duncan at cox.net
Tue Jan 24 00:01:05 GMT 2023
Duncan posted on Mon, 23 Jan 2023 19:21:17 -0000 (UTC) as excerpted:
> Consider the possible security side-effects. As an example, consider a
> browser password dialog (say for firefox's master password, if you have
> it setup). Often you want it raised so you see it and can enter the
> password, but the browser folks ultimately had to change their behavior
> a bit because bad sites were trying to trigger popups without browser
> chrome and setup to appear just like the default password dialogs, in
> ordered to steal people's passwords.
Realized on reading that as posted that it implies the browser folks had
to change their behavior regarding raising the password dialog. That
wasn't intended and (AFAIK) isn't necessarily accurate (I unintentionally
made a statement I can't initially verify one way or the other).
What I /intended/ to say was that in my chosen example, they had to change
both password dialogs and their general web-page-popup behavior, primarily
web-page-popup appearance, to ensure that web-page-popups were distinct
enough from system dialogs (password and other, browser and not) that
there was no confusion, and that while raising and focus behavior may in
the abstract be different from that, be careful that any changes to focus
behavior rules you make, don't inadvertently neutralize behavior they may
have instituted due to security concerns that might be unrelated to the
particular example I named.
IOW, just be aware that a browser is arguably the most security exposed
sensitive app most people commonly run, and that any changes you make to
its default behavior, including apparently security-unrelated changes, may
have unintended consequences in terms of its security posture. With that
awareness and assuming a reasonable security sense that unfortunately many
folks don't seem to have (but just the fact that someone's posting/reading
here suggests a higher likelihood they do, due to self-selection meaning
the least security-aware wouldn't be here in the first place), proceeding
cautiously should be reasonable, but be particularly alert for unusual or
unexpected behavior for awhile after that, just in case.
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
More information about the kde