Re: visible passwd bug in kdm ?

[agulbra () TROLL NO (Arnt Gulbrandsen)]

"J. Sean Connell" <ankh () canuck gen nz>
> On Wed, 10 Dec 1997, Sascha Runschke wrote:
>
> > it seems that there is a bug in the login procedure of the kdm environment.
> > If you type your passwd when prompted for it and afterwards try to mark the
> > invisible passwd with the mouse, it suddenly becomes visible.
> >
> > I don't think it's that dangerous, but there might be a situation where you
> > cannot end your login-sequence and someone else is able to access your
> > station.
> >
> > I did not check the code yet, because I do not use kdm. But maybe
> > I'll have a look later.
>
> I don't know about this exact problem, but there is a generic problem with
> Qt in this regard:

Which is almost certainly not the same problem.  I expect the KDE
problem is a kdm-specific bug.

> A text entry field that has been set to "password" mode
> still permits selection (and therefore copying) of the plaintext contents.
> I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it
> myself while working on a nice GUI s/key calculator (email me if you're
> interested). I can't remember what he said about why it was that way, but
> after I pointed out that while under Windows inadvertent selection does not
> cause copy, it *does* under X - which makes accidentally pasting your
> password into the wrong window (or even having someone snoop it out of your
> server - yeah, this is rather unrealistic ;) trivially easy. He concurred
> and mumbled something about it being fixed in 1.4 or so.

As I remember it, I committed the fix to our CVS archive on the same
day that you convinced me:)

> Please note that I have no connection with Troll Tech other than being a
> personal friend of Arnt's, and that anything in the preceding paragraph
> could be wrong.  Arnt, further comment from the proverbial horse's
> mouth? (And please don't shoot me ;)

Further comments would be off-topic on bugtraq, and niggles beside.

--Arnt (just now back from vacation)