sudo password field allows other applications to steal focus
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| apport (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
When apport asks for the sudo passwords, other applications or dialogs can steal focus. This is inacceptable because it leads to leaked passwords. Moreover, it is inconvenient because the apport sudo dialog contains possibly a part of the password and the other application the other part, requiring to retype it.
observed behavior:
1. apport asks for sudo rights.
2. I start typing the password.
3. network manager has disconnected from wifi and asks for wifi password, with the wifi password dialog getting focussed.
4. The remaining characters that I type go into the second application (network manager) with the enter key causing an unintended action.
expected behavior:
When typing a password, no other application can be focussed automatically (i.e. not by user action) until I have finished typing the password.
This can be implemented as:
- in all UI toolkits, if a password input field is focussed and the user is currently typing (timeout after last keys stroke), the application locks focus.
- make sudo dialog system-modal, and the window manager does not allow anything else being focussed by non-user action.
Ubuntu 16.04
apport-gtk 2.20.1-0ubuntu2.1
| description: | updated |
