Comment 0 for bug 651734

Binary package hint: policykit-1-gnome

Policykit password dialogs are insecure as they do not keep focus. There are advantages to the way gnome-screensaver and gksudo treat the password prompt. As it blocks out any other input or window, you are less likely to be inputting to another source.

I have experienced many time where I either discovered a password or shared my own because of this flaw in policykit.

Examples of the issue:
-Start an administrative utility which requests a password
-Get the password prompt up
-Either inset a usb disk or if you have touchpad sensitivity (tapp to click) **axidentally** click on a nautilus window in the background
-Type the password ans it shows up as a file search in the bottom right of the nautilus window

As you can see there are benefits to making sure the password is entered into the password prompt. policykit and many other password prompts do not lock out screen meaning the risk is higher that everyone will be able to see your passphrase in cleartext.

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: policykit-1-gnome 0.96-2ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-24.43-generic 2.6.32.15+drm33.5
Uname: Linux 2.6.32-24-generic i686
NonfreeKernelModules: wl
Architecture: i386
Date: Wed Sep 29 22:51:43 2010
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release i386 (20100816.1)
ProcEnviron:
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: policykit-1-gnome