Can KWin prevent windows from raising themselves from their v.desktop to the current v.desktop?

Duncan 1i5t5.duncan at cox.net
Tue Jan 24 00:01:05 GMT 2023


Duncan posted on Mon, 23 Jan 2023 19:21:17 -0000 (UTC) as excerpted:

> Consider the possible security side-effects.  As an example, consider a
> browser password dialog (say for firefox's master password, if you have
> it set up).  Often you want it raised so you see it and can enter the
> password, but the browser folks ultimately had to change their behavior
> a bit because bad sites were trying to trigger popups without browser
> chrome and set up to appear just like the default password dialogs, in
> order to steal people's passwords.

Realized on reading that as posted that it implies the browser folks had 
to change their behavior regarding raising the password dialog.  That 
wasn't intended and (AFAIK) isn't necessarily accurate (I unintentionally 
made a statement I can't initially verify one way or the other).

What I /intended/ to say was that in my chosen example, they had to change 
both password dialogs and their general web-page-popup behavior, primarily 
web-page-popup appearance, to ensure that web-page-popups were distinct 
enough from system dialogs (password and other, browser and not) that 
there was no confusion, and that while raising and focus behavior may in 
the abstract be different from that, be careful that any changes to focus 
behavior rules you make don't inadvertently neutralize behavior they may 
have instituted due to security concerns that might be unrelated to the 
particular example I named.

IOW, just be aware that a browser is arguably the most security exposed 
sensitive app most people commonly run, and that any changes you make to 
its default behavior, including apparently security-unrelated changes, may 
have unintended consequences in terms of its security posture.  With that 
awareness and assuming a reasonable security sense that unfortunately many 
folks don't seem to have (but just the fact that someone's posting/reading 
here suggests a higher likelihood they do, due to self-selection meaning 
the least security-aware wouldn't be here in the first place), proceeding 
cautiously should be reasonable, but be particularly alert for unusual or 
unexpected behavior for a while after that, just in case.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman


