Bugtraq mailing list archives

Re: visible passwd bug in kdm ?


From: ankh () CANUCK GEN NZ (J. Sean Connell)
Date: Mon, 15 Dec 1997 13:59:40 +1300


On Wed, 10 Dec 1997, Sascha Runschke wrote:

> it seems that there is a bug in the login procedure of the kdm environment.
> If you type your passwd when prompted for it and afterwards try to mark the
> invisible passwd with the mouse, it suddenly becomes visible.
>
> I don't think it's that dangerous, but there might be a situation where you
> cannot end your login-sequence and someone else is able to access your
> station.
>
> I did not check the code yet, because I do not use kdm. But maybe
> I'll have a look later.

I don't know about this exact problem, but there is a generic problem with
Qt in this regard: A text entry field that has been set to "password" mode
still permits selection (and therefore copying) of the plaintext contents.
I spoke with Arnt Gulbrandsen at Troll Tech about this after discovering it
myself while working on a nice GUI s/key calculator (email me if you're
interested). I can't remember what he said about why it was that way, but
after I pointed out that while under Windows inadvertent selection does not
cause copy, it *does* under X - which makes accidentally pasting your
password into the wrong window (or even having someone snoop it out of your
server - yeah, this is rather unrealistic ;) trivially easy. He concurred
and mumbled something about it being fixed in 1.4 or so.

Please note that I have no connection with Troll Tech other than being a
personal friend of Arnt's, and that anything in the preceding paragraph
could be wrong.  Arnt, further comment from the proverbial horse's
mouth? (And please don't shoot me ;)

--
J. S. Connell      | Systems Administrator, ICONZ.  Any opinions stated above
ankh () canuck gen nz | are not my employers', not my boyfriends', my God's, my
ankh () iconz co nz   | friends', and probably not even my own.
-------------------+---------------------------------------------------------
            PGP key at http://www.canuck.gen.nz/~ankh/pgpkey.html
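
An added example, not part of the original post and not Qt, kdm or Xlib source: a small self-contained C++ model of the selection behaviour the message describes, with a password-mode field shown beside a hardened variant that refuses to export its contents. The `Display`, `TextEntry` and `leakedBySelection` names and the sample password are hypothetical, constructed for illustration.

```cpp
#include <iostream>
#include <string>

// Simplified model, constructed for illustration (not Qt, kdm or Xlib code).
// Under X, finishing a mouse selection makes the text available as the
// PRIMARY selection, so a middle-click elsewhere pastes it with no explicit
// copy. Under Windows nothing leaves the widget until the user copies.
enum class Platform { X11, Windows };
enum class EchoMode { Normal, Password };

struct Display {            // stands in for the window system
    Platform platform;
    std::string primary;    // what a middle-click paste would deliver (X only)
};

class TextEntry {           // hypothetical widget, not a real toolkit class
public:
    TextEntry(Display& d, EchoMode m, bool hardened)
        : dpy_(d), mode_(m), hardened_(hardened) {}
    void type(const std::string& s) { text_ += s; }
    std::string rendered() const {   // what is drawn: masked in password mode
        return mode_ == EchoMode::Password ? std::string(text_.size(), '*') : text_;
    }
    void selectAll() {               // user drags the mouse over the field
        if (dpy_.platform != Platform::X11) return;  // selecting copies nothing
        if (hardened_ && mode_ == EchoMode::Password) return;  // never export
        dpy_.primary = text_;        // plaintext, not the masked rendering
    }
private:
    Display& dpy_;
    EchoMode mode_;
    bool hardened_;
    std::string text_;
};

// Returns what another window would receive after the password is selected.
std::string leakedBySelection(Platform p, bool hardened) {
    Display d{p, ""};
    TextEntry pw(d, EchoMode::Password, hardened);
    pw.type("constructed-pw");       // constructed sample value
    pw.selectAll();
    return d.primary;
}

int main() {
    std::cout << "X11 unhardened: '" << leakedBySelection(Platform::X11, false) << "'\n"
              << "X11 hardened:   '" << leakedBySelection(Platform::X11, true) << "'\n"
              << "Windows:        '" << leakedBySelection(Platform::Windows, false) << "'\n";
}
```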


