policykit password dialog should grab keyboard

Bug #630226 reported by komputes on 2010-09-04
This bug affects 1 person
Affects: policykit-1-gnome (Ubuntu)
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: policykit

The policykit password dialog is insecure as it has the ability of being overlapped by another window opening. For example, a dialog is presented, nautilus presents another window due to inserting a disk. Your password is now shown in the bottom right of the nautilus window as if you were searching for a filename within the window. Your password is presented to anyone watching in cleartext.

Expecting: In 8.04 we had consistency. All password prompts in the GUI used gksudo, which grayed out the rest of the screen, blocking any interference from other apps. We have lost that security and introduced inconsistencies in the way of entering a password, meaning anyone could write a program asking for a password and a user would not know. Policykit also asks for a password for each administrative utility (unlike gksudo, which remembered that you used it for ~15 min).

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: policykit (not installed)
ProcVersionSignature: Ubuntu 2.6.32-24.42-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
Architecture: i386
Date: Sat Sep 4 09:54:47 2010
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Release Candidate i386 (20100419.1)
ProcEnviron:
 LANGUAGE=en_US:en_CA:en
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: policykit

visibility: private → public
Kees Cook (kees) on 2010-10-02
Changed in policykit (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Canonical Desktop Team (canonical-desktop-team)

I think the design for this should be considered under the rubric of notifications. I'll subscribe mpt to see if we can get some feedback regarding how the pol-kit password notification should work from a UX perspective.

Chris Coulson (chrisccoulson) wrote :

Note that davidz has said before that the long term plan is to have the authentication agent running in a separate session, which will help to avoid issues like this.

Chris Coulson (chrisccoulson) wrote :
affects: policykit (Ubuntu) → policykit-1-gnome (Ubuntu)
Martin Pitt (pitti) wrote :

The password dialog should grab the keyboard and mouse, similarly to gksu.

summary: - policykit password dialog is insecure
+ policykit password dialog should grab keyboard
Martin Pitt (pitti) on 2011-02-21
Changed in policykit-1-gnome (Ubuntu):
assignee: Canonical Desktop Team (canonical-desktop-team) → nobody
Jamie Strandboge (jdstrand) wrote :

I haven't seen this in Ubuntu 11.04. Is this still a problem?

Changed in policykit-1-gnome (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Confirmed → Incomplete
komputes (komputes) wrote :

On quick systems you will not see an issue with this. On slow systems a policykit auth window may show up after having clicked something else. The fact that the dialog does not take focus and block input into other windows is still an issue. This is better explained in Bug #651734: Policykit password dialogs are insecure as they do not keep focus.

Changed in policykit-1-gnome (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Incomplete → Confirmed
This report contains Public Security information
Everyone can see this security related information.
