Re: xscreensaver and gqview (security flaw?)
Brian May writes:
> I have noticed something strange, and potentially bad about
> who these programs interact.
I've been trying to reproduce this... most of the time gqview eats the
keys instead, but I have been able to get my password to appear in my
rxvt once. Can't figure out how I did it.
> APM (not sure if using APM is important or not).
The lack of APM doesn't seem to affect it over here.
> 4. come to computer, push any key. screen turns on but remains
> blank. In fact, nothing I push comes up with the password prompt. I
> can get the prompt by moving the mouse, but cannot type in the
> password.
GQView grabs the keyboard (img-main.c line 261), and xscreensaver
tells me this:
xscreensaver: couldn't grab keyboard! (AlreadyGrabbed)
leaving the keyboard grabbed is definetly a bad thing, but I'm not
really sure if gqview is to blame here. Could be xscreensaver, could
be the WM... :-/
> 5. push escape. I believe this closes of the full screen display in
> gqview.
I see the gqview window pop up again; probably a window manager thing.
I can't do mouse actions with it as xscreensaver has the cursor, but
keystrokes work. If I do it in twm with interactive mapping turned on,
twm waits until xscreensaver goes away to map it.
> I would presume that only the xscreensaver could have focus, as it
> is in front.
It is possible for the window to be marked as "no input" or simply not
set the mask for keyboard events. I'm digging through the xscreensaver
source but it's a little more difficult than gqview.
--
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
Reply to: