Bug ID 1194809
Summary Possible password leak by windows stealing focus
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware All
OS openSUSE Tumbleweed
Status NEW
Severity Major
Priority P5 - None
Component GNOME
Assignee gnome-bugs@suse.de
Reporter martin.wilck@suse.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Yesterday I lost (luckily only part of) an important password as follows:

I was running pidgin as IRC client. pidgin was configured to autoconnect to
some channels on irc.suse.de. I activated the SUSE VPN via the GNOME VPN panel.
I continued working in the terminal.

I ran a command in the terminal that required typing a password (as usual in
terminal applications, typing passwords provides no visual feedback like
"***"). I pressed "enter" and nothing happened. At this point I realized that
the 2nd half of the password had ended up in the pidgin window.

What happened? If an IRC server is unreachable, pidgin polls in the background
in a certain interval (a few minutes I think). When the server becomes
reachable, it connects to it, which causes the typical startup dialog &
messages ("You are connected to irc1.suse.de ....") to be displayed. At this
moment, the pidgin window pops up and grabs the keyboard focus. As the window
is relatively small and my screen is large, and I was looking at the keyboard
while typing (because I usually do when typing passwords), I didn't notice this
immediately, and typed part of the password to the pidgin window.

This is particularly nasty, because after establishing the VPN connection, the
window pops up after a non-deterministic time interval which is between a few
seconds and ~5 minutes. You can't "wait" for this to happen, and if you don't,
you're likely to forget that the connection process is going on in the
background.

Also, making matters worse, when the pidgin window pops up because of a message
in some chat, the focus isn't necessarily in the chat (tab in the pidgin
window) that caused the pop-up, but in some currently selected chat. In the
case at hand, I'd typed my password to libera.chat's "NickServ" bot (which
didn't recognize it as a command, but might have logged what I typed).

For the time being, I've disabled the "auto-join" feature for all pidgin
channels on irc.suse.de. But I'm unsure if that actually helps, because I
believe that pidgin would try to connect to IRC accounts nonetheless, and if it
does, the typical login / connect dialogs might cause the window to pop up even
if no chats are configured to connect automatically.

See also
https://askubuntu.com/questions/1084032/how-to-prevent-new-windows-from-stealing-focus

There someone suggests using 

> gsettings set org.gnome.desktop.wm.preferences focus-new-windows 'strict'

I've tried that setting on TW (GNOME 41.3) and saw no change in behavior.

A simple test is typing something like this in the terminal:

> $ gedit &
> $ abcdefg.... # continue typing

At some point, gedit will pop up and the text will end up in the gedit window.

Note that this happens with gedit but not e.g. with emacs or libreoffice
writer. So it depends on the application. Also, some applications (e.g. the ssh
and gpg askpass tools) use a different API that does this much better - the
entire screen gets locked and changes color, so that typing something at the
wrong window is practically impossible. This behavior would be inappropriate
for an application like gedit, though.

The behavior of gedit and pidgin under GNOME is highly dangerous. I've reason
to believe that other Window Managers (or X in general) behave similarly.
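As an added example (not part of the bug report and not SUSE or GNOME code), the following script turns the manual gedit test above into something measurable and also reads back the focus-new-windows setting. It assumes a GNOME session where gsettings and gedit are on PATH and a shell whose read supports -s (bash); the function names and the "check"/"reproduce" sub-commands are this script's own.

```shell
#!/bin/sh
# Added example, not from the bug report: checker and reproducer for the
# focus-stealing problem described above. Assumes (hypothetically) a GNOME
# session with `gsettings` and `gedit` on PATH and a bash-style `read -s`.

# Strip the GVariant quoting that `gsettings get` puts around string values,
# e.g. "'smart'" -> "smart", so the value can be compared as a bare word.
parse_focus_mode() {
    printf '%s' "$1" | tr -d "'\" \n"
}

# Exit status 0 when the raw gsettings value means 'strict', 1 otherwise.
focus_mode_is_strict() {
    [ "$(parse_focus_mode "$1")" = "strict" ]
}

# Query the live setting, or print "unknown" when not in a GNOME session.
current_focus_mode() {
    if command -v gsettings >/dev/null 2>&1; then
        parse_focus_mode "$(gsettings get org.gnome.desktop.wm.preferences focus-new-windows 2>/dev/null)"
    else
        echo unknown
    fi
}

# The manual test from the report, made measurable: start gedit in the
# background, read one silent line from the terminal (like a password
# prompt), then report how many characters actually reached the terminal.
# Type a long string slowly; whatever landed in gedit instead is missing here.
reproduce() {
    mode=$(current_focus_mode)
    echo "focus-new-windows is '$mode'; type a long string and press Enter:"
    gedit >/dev/null 2>&1 &
    # bash/zsh `read -s` suppresses echo; plain sh falls back to visible input
    if read -r -s typed 2>/dev/null; then :; else read -r typed; fi
    echo "terminal received ${#typed} characters: '$typed'"
    echo "compare this with the contents of the gedit window"
}

# Nothing runs unless a sub-command is given, so the file can be sourced.
case "${1:-}" in
    check)     echo "focus-new-windows=$(current_focus_mode)" ;;
    reproduce) reproduce ;;
esac
```

Run `sh focus-test.sh check` to see the current setting, then `sh focus-test.sh reproduce` before and after `gsettings set org.gnome.desktop.wm.preferences focus-new-windows 'strict'`; if the character count reported by the terminal is shorter than what was typed, the remainder went to the window that took focus.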
