[kdepim-users] keystrokes being echoed

Martin Steigerwald martin at lichtvoll.de
Wed Sep 16 20:15:31 BST 2015


Am Sonntag, 16. August 2015, 23:35:17 CEST schrieb Ingo Klöcker:
> On Saturday 15 August 2015 09:01:40 René J.V. Bertin wrote:
> > Hi,

Hello Ingo,

> > I'm running KDE PIM 4.13.3 but just updated my KDE libs to 4.14.11
> > (git/head). Moments ago kontact crashed on me (hopefully unrelated),
> > and now I'm getting an echo (on the calling terminal) of the (ascii)
> > code of every key I hit in text/message body frames but also in the
> > subject line. Quite annoying.
> 
> I'm seeing this in KMail resp., more specifically, in KMail's new mail
> composer. It's indeed pretty annoying.

It is not just annoying. Its a security / privacy hole.

> > Is this a debugging feature in KDE PIM that I somehow triggered, or
> > should I file a kdelibs bug report?
> 
> My guess is that someone added a corresponding debug statement to KMail
> to track down some bug and then forgot to remove it again before pushing
> the fix. I suggest filing a bug for KMail, but it's possible that it
> will be closed immediately because it has already been fixed for the
> next version KMail/Kontact (which will be based on Qt5/KF5).

This is also in Konqueror and actually it is a security hole as it basically 
implements a local keylogger. Anything with access to ~/.xsession-errors can 
grab everything typed within KMail an Konqueror.

Bug#799186: konqueror: now comes with built-in keylogger
http://bugs.debian.org/799186

I will report it upstream until Thorsten beats me to it.

Thanks,
-- 
Martin
_______________________________________________
KDE PIM users mailing list
Subscription management: https://mail.kde.org/mailman/listinfo/kdepim-users


More information about the kdepim-users mailing list