tag 474024 fixed-upstream thanks On Sat, 2009-05-16 at 16:14 +0300, Timo Juhani Lindfors wrote: > Gustavo Noronha <k...@debian.org> writes: > > able to read the password by eavesdropping the X connection. However, > > this is ineffective against malicious applications that use ptrace() to > > capture the password. See http://bugs.debian.org/474024 for more info. > > Doesn't this give the wrong impression? Somebody might disable ptrace > from their system and think they are safe? > > In reality also ltrace (using LD_PRELOAD) can capture the password.
I have committed the following: +.PP +.B gksu +tries to "lock" the keyboard, mouse and focus to prevent other +applications from being able to read the password by eavesdropping the +X connection. However, this is not enough to ensure 100% protection, +since malicious applications can still use tracing calls such as +ptrace() to capture the password. See Debian bug #474024 for more +info. Thanks for your work on this! See you, -- Gustavo Noronha <k...@debian.org> Debian Project -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
