Bug#474024: malicious applications can print text over gksu window
Gustavo Noronha
kov at debian.org
Sat May 16 12:56:13 UTC 2009
On Tue, 2009-05-05 at 13:00 +0300, Timo Juhani Lindfors wrote:
> Gustavo Noronha <kov at debian.org> writes:
> > Sounds good! Would you provide a patch to the manpage, explaining these
> > issues?
>
> Would the attached patch do?
I think saying it's ineffective is a bit too much. It does block
applications which are using a specific technique, so it's partially
effective. But otherwise looks good to me.
I'll have it applied with a minor modification:
able to read the password by eavesdropping the X connection. However,
this is ineffective against malicious applications that use ptrace() to
capture the password. See http://bugs.debian.org/474024 for more info.
Sounds good to you?
--
Gustavo Noronha <kov at debian.org>
Debian Project
More information about the pkg-gnome-maintainers
mailing list