Bugtraq mailing list archives
Re: visible passwd bug in kdm ?
From: agulbra () TROLL NO (Arnt Gulbrandsen)
Date: Sat, 3 Jan 1998 01:00:50 +0100
"J. Sean Connell" <ankh () canuck gen nz>
On Wed, 10 Dec 1997, Sascha Runschke wrote:

it seems that there is a bug in the login procedure of the kdm environment. If you type your passwd when prompted for it and afterwards try to mark the invisible passwd with the mouse, it suddenly becomes visible. I don't think it's that dangerous, but there might be a situation where you cannot end your login-sequence and someone else is able to access your station. I did not check the code yet, because I do not use kdm. But maybe I'll have a look later.

I don't know about this exact problem, but there is a generic problem with Qt in this regard:
Which is almost certainly not the same problem. I expect the KDE problem is a kdm-specific bug.
A text entry field that has been set to "password" mode still permits selection (and therefore copying) of the plaintext contents. I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it myself while working on a nice GUI s/key calculator (email me if you're interested). I can't remember what he said about why it was that way, but after I pointed out that while under Windows inadvertent selection does not cause copy, it *does* under X - which makes accidentally pasting your password into the wrong window (or even having someone snoop it out of your server - yeah, this is rather unrealistic ;) trivially easy. He concurred and mumbled something about it being fixed in 1.4 or so.
As I remember it, I committed the fix to our CVS archive on the same day that you convinced me:)
Please note that I have no connection with Troll Tech other than being a personal friend of Arnt's, and that anything in the preceding paragraph could be wrong. Arnt, further comment from the proverbial horse's mouth? (And please don't shoot me ;)
Further comments would be off-topic on bugtraq, and niggles beside.

--Arnt (just now back from vacation)