New windows shouldn't steal focus

This can be rather annoying, and can constitute a security risk if the window is appropriately timed. Bug #43760 is similar, but only covers Evolution's dialogs.

Bug #43760 was more about the fact that evolution shouldn't make warnings pop all the time. I think this bug is more fundamental in the sense that even if popping up a window is justified, it is *never* (I still haven't found a counter-example) justified to make the new window steal focus. It's a very dangerous thing to do. Most (older) window managers used to have an option to control that. Not only did metacity remove that option, but it left the bad behaviour as the only option available.

Here's another case to consider -- a bit unlikely, but quite catastrophic.
1) My system has a high load and is slow
2) I fire up a terminal, but it takes a long time before showing up
3) I go back to another terminal and in some directory, I type "rm -rf *"
4) A fraction of a second before 3) happens, my new terminal pops up and steals focus (without me noticing)
5) I just deleted my entire home directory because I didn't notice 4) fast enough.

I'd basically call this a user-based race condition.

Thanks for your bug. How do you start your applications? From the panel?

I sometimes use the panel, sometimes the terminal. I don't see what it changes. In all cases, the windows that open get focus automatically, which is just plain bad.

it changes that the logic depends of the way apps are started. The questions are here to make easier to figure why it's broken for you and not other people. Replying to the question usually make easier for people to fix your issue, just saying "it doesn't work right" is often of no use for that

OK, just trying to understand... Are you telling me that on your machine, the windows popup without gaining focus automatically? This happens on all three Dapper (and previous releases) machines I have, so I just assumed that it was the case for everyone.

OK, this bug is still marked as "Needs Info". What other info is needed?

This message indicates that the focus behavior for new windows should be controlled by the setting of a gconf key called /apps/metacity/general/focus_new_windows:

https://lists.ubuntu.com/archives/dapper-changes/2006-April/009538.html

According to the above, if one issues the command

gconftool-2 --set /apps/metacity/general/focus_new_windows --type string strict

then new windows won't get focus unless they appear under the mouse pointer. The long description in gconf is "This option provides additional control over how newly created windows get focus. It has two possible values; "smart" applies the user's normal focus mode, and "strict" results in windows started from a terminal not being given focus."

However, on my system (Dapper, with focus_mode set to "mouse") newly-created windows always get the focus even when focus_new_windows is set to "strict"). For example, typing 'xterm' in a gnome-terminal causes an xterm to pop up, and the focus goes to the new xterm even though the mouse pointer is at the original gnome-terminal.

Having a key in gconf is nice, but it doesn't change the fact that automatically giving focus to a new window (by default!) constitutes not only a security issue (typing a passwd in the wrong window), but a potential for data loss (typing "rm -rf *" in the wrong terminal). Maybe I should file it under "security" so it gets some attention.

The security issue is very real and probably wouldn't be that hard to exploit remotely. Consider Alice logging on to Bob's server with ssh. Malicious user Mallory is already logged on the server and detects the attempt (seeing sshd starting with ps) and automatically sends an IM message to Alice ("Hi Alice, how are you?"). There is a non-zero probability that Alice will not see the IM window open and accidently type his/her password right into Mallory's IM window, giving away her password.

Agreed. I personally have typed part of my password into the wrong
application window when it popped up and stole focus. Didn't end up
accidentally sending the password to someone else, fortunately, but in
principle it could have happened.

Personally I like the idea of making this a user-adjustable setting, but
I'd prefer making "strict" be the default.

On Mon, 2006-07-31 at 01:02 +0000, jmspeex wrote:
> Having a key in gconf is nice, but it doesn't change the fact that
> automatically giving focus to a new window (by default!) constitutes not
> only a security issue (typing a passwd in the wrong window), but a
> potential for data loss (typing "rm -rf *" in the wrong terminal). Maybe
> I should file it under "security" so it gets some attention.
>
> The security issue is very real and probably wouldn't be that hard to
> exploit remotely. Consider Alice logging on to Bob's server with ssh.
> Malicious user Mallory is already logged on the server and detects the
> attempt (seeing sshd starting with ps) and automatically sends an IM
> message to Alice ("Hi Alice, how are you?"). There is a non-zero
> probability that Alice will not see the IM window open and accidently
> type his/her password right into Mallory's IM window, giving away her
> password.
>
--
Chris Koresko <email address hidden>
Michelson Science Center, Caltech

Not sure what's going on with metacity/gconf, but I tried:
gconftool-2 --set /apps/metacity/general/focus_new_windows --type string strict
and though the setting was changed (checked with gconf-editor), there's no change in metacity's behaviour.

Ah, then you are confirming the behavior I reported above.

This shouldn't be marked as a duplicate of 67476: that bug is about the behaviour of transient dialog windows. This bug is about the behaviour of all freshly generated windows (gnome-terminal, emacs, whatever), and the fact that a gconf setting is not working as advertised. (It may be that fixing this bug will also fix 67476.)

This bug is annoying and a security risk, and seems to have been languishing since 2006.

This bug still occurs. I'm on Ubuntu 9.10 Karmic, and I'm suffering it. It's really annoying. More than one time I have accepted dialogs which I couldn't read because I pressed ENTER after writing text in other window.
This can screw things up in a very bad way.

I just found this one, I also blamed this on gnome-panel: Bug 572690

When launching by gnome-panel oder menu, it is solvable: The launched application's window should get focus only if gnome-panel still has. If the user decided to do something after the launch click, the launched application's window should open behind the currently focussed window. This behavior can be seen at Windows XP too for example.

Another approach could be a timed behavior: If a mouse or keyboard event occured the last x seconds, a window of an application different to the currently focussed one is opened in background. That would also cover chat- and other popup events.

As opposed to Koresko's experience, when I change the focus_mode to 'strict' I get a change in behaviour. My metacity version is 2.30.1 on Ubuntu 10.04.