Re: visible passwd bug in kdm ?

J. Sean Connell (ankh@CANUCK.GEN.NZ)
Mon, 15 Dec 1997 13:59:40 +1300

On Wed, 10 Dec 1997, Sascha Runschke wrote:

> it seems that there is a bug in the login procedure of the kdm environment.
> If you type your passwd when prompted for it and afterwards try to mark the
> invisible passwd with the mouse, it suddenly becomes visible.
>
> I don't think it's that dangerous, but there might be a situation where you
> cannot end your login-sequence and someone else is able to access your
> station.
>
> I did not check the code yet, because I do not use kdm. But maybe
> I'll have a look later.

I don't know about this exact problem, but there is a generic problem with
Qt in this regard: A text entry field that has been set to "password" mode
still permits selection (and therefore copying) of the plaintext contents.
I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it
myself while working on a nice GUI s/key calculator (email me if you're
interested). I can't remember what he said about why it was that way, but
after I pointed out that while under Windows inadvertent selection does not
cause copy, it *does* under X - which makes accidentally pasting your
password into the wrong window (or even having someone snoop it out of your
server - yeah, this is rather unrealistic ;) trivially easy - he concurred
and mumbled something about it being fixed in 1.4 or so.

Please note that I have no connection with Troll Tech other than being a
personal friend of Arnt's, and that anything in the preceding paragraph
could be wrong. Arnt, further comment from the proverbial horse's
mouth? (And please don't shoot me ;)

--
J. S. Connell      | Systems Administrator, ICONZ. Any opinions stated above
ankh@canuck.gen.nz | are not my employers', not my boyfriends', my God's, my
ankh@iconz.co.nz   | friends', and probably not even my own.
-------------------+---------------------------------------------------------
            PGP key at http://www.canuck.gen.nz/~ankh/pgpkey.html