https://bugzilla.suse.com/show_bug.cgi?id=1194809

Bug ID: 1194809
Summary: Possible password leak by windows stealing focus
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: All
OS: openSUSE Tumbleweed
Status: NEW
Severity: Major
Priority: P5 - None
Component: GNOME
Assignee: gnome-bugs@suse.de
Reporter: martin.wilck@suse.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Yesterday I lost (luckily only part of) an important password as follows:

I was running pidgin as IRC client. pidgin was configured to autoconnect to some channels on irc.suse.de. I activated the SUSE VPN via the GNOME VPN panel. I continued working in the terminal. I ran a command in the terminal that required typing a password (as usual in terminal applications, typing passwords provides no visual feedback like "***"). I pressed "enter" and nothing happened. At this point I realized that the 2nd half of the password had ended up in the pidgin window.

What happened? If an IRC server is unreachable, pidgin polls in the background in a certain interval (a few minutes I think). When the server becomes reachable, it connects to it, which causes the typical startup dialog & messages ("You are connected to irc1.suse.de ....") to be displayed. At this moment, the pidgin window pops up and grabs the keyboard focus. As the window is relatively small and my screen is large, and I was looking at the keyboard while typing (because I usually do when typing passwords), I didn't notice this immediately, and typed part of the password into the pidgin window.

This is particularly nasty, because after establishing the VPN connection, the window pops up after a non-deterministic time interval which is between a few seconds and ~5 minutes. You can't "wait" for this to happen, and if you don't, you're likely to forget that the connection process is going on in the background.

Also, making matters worse, when the pidgin window pops up because of a message in some chat, the focus isn't necessarily in the chat (tab in the pidgin window) that caused the pop-up, but in some currently selected chat. In the case at hand, I'd typed my password to libera.chat's "NickServ" bot (which didn't recognize it as a command, but might have logged what I typed).

For the time being, I've disabled the "auto-join" feature for all pidgin channels on irc.suse.de. But I'm unsure if that actually helps, because I believe that pidgin would try to connect to IRC accounts nonetheless, and if it does, the typical login / connect dialogs might cause the window to pop up even if no chats are configured to connect automatically.

See also https://askubuntu.com/questions/1084032/how-to-prevent-new-windows-from-stea...

There someone suggests using
gsettings set org.gnome.desktop.wm.preferences focus-new-windows 'strict'
I've tried that setting on TW (GNOME 41.3) and saw no change in behavior. A simple test is typing something like this in the terminal:
$ gedit &
$ abcdefg.... # continue typing

At some point, gedit will pop up and the text will end up in the gedit window. Note that this happens with gedit but not e.g. with emacs or libreoffice writer. So it depends on the application.

Also, some applications (e.g. the ssh and gpg askpass tools) use a different API that does this much better: the entire screen gets locked and changes color, so that typing something at the wrong window is practically impossible. This behavior would be inappropriate for an application like gedit, though.

The behavior of gedit and pidgin under GNOME is highly dangerous. I've reason to believe that other Window Managers (or X in general) behave similarly.