Re: apparently serious keyboard grabbing *SECURITY* issue

[Matt Chapman <matthewc@xxxxxxxxxxxxxxx>]

This is partly xscreensaver's fault, since it tries to grab the
keyboard *before* creating its window (and hence rdesktop losing
focus), and still proceeds after failing to do so.  It doesn't
happen with the other xlock implementation I've tried (e.g.
xlockmore), which map their window first.

Comparing rdesktop's grabbing behaviour to other similar software:

* vmware grabs the pointer as well as the keyboard, which causes
  xscreensaver to fail to start altogether.  (Arguably this could
  be a security problem as well, if people rely on lock-mode to lock
  their workstations when they walk away.)

* VNC doesn't grab the keyboard at all.

I'm happy to change the default to not grab.  Comments?

Matt


On Sun, Jan 20, 2002 at 06:52:04AM +1100, Sam Johnston wrote:
> more info over here:
> 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=125771&repeatmerged=yes
> 
> basically, rdesktop sees keystrokes it shouldn't see - like passwords 
> being typed into screen savers. the people discussing it on the 
> aforementioned bug report seem fairly concerned about it.
> 
> mail
> 
> 125771@bugs.debian.org
> 
> if you have anything interesting to say on the subject.
> 
>  - samj
>