"J. Sean Connell" <ankhat_private> > On Wed, 10 Dec 1997, Sascha Runschke wrote: > > > it seems that there is a bug in the login procedure of the kdm environment. > > If you type your passwd when prompted for it and afterwards try to mark the > > invisible passwd with the mouse, it suddenly becomes visible. > > > > I don't think it's that dangerous, but there might be a situation where you > > cannot end your login-sequence and someone else is able to access your > > station. > > > > I did not check the code yet, because I do not use kdm. But maybe > > I'll have a look later. > > I don't know about this exact problem, but there is a generic problem with > Qt in this regard: Which is almost certainly not the same problem. I expect the KDE problem is a kdm-specific bug. > A text entry field that has been set to "password" mode > still permits selection (and therefore copying) of the plaintext contents. > I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it > myself while working on a nice GUI s/key calculator (email me if you're > interested). I can't remember what he said about why it was that way, but > after I pointed out that while under Windows inadvertent selection does not > cause copy, it *does* under X - which makes accidentally pasting your > password into the wrong window (or even having someone snoop it out of your > server - yeah, this is rather unrealistic ;) trivially easy. He concurred > and mumbled something about it being fixed in 1.4 or so. As I remember it, I committed the fix to our CVS archive on the same day that you convinced me:) > Please note that I have no connection with Troll Tech other than being a > personal friend of Arnt's, and that anything in the preceding paragraph > could be wrong. Arnt, further comment from the proverbial horse's > mouth? (And please don't shoot me ;) Further comments would be off-topic on bugtraq, and niggles beside. --Arnt (just now back from vacation)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:38:08 PDT