[Xfce-bugs] [Bug 10581] When hibernating, xfce request for password is hidden behind the hibernate dialog.

bugzilla-daemon at xfce.org bugzilla-daemon at xfce.org
Mon Dec 1 14:07:50 CET 2014


https://bugzilla.xfce.org/show_bug.cgi?id=10581

--- Comment #4 from Steve Dodier-Lazaro <sidnioulz at gmail.com> ---
>From a security perspective, we should be able to guarantee that we take the
user from the Xfce shutdown dialog where they clicked to the proper PolicyKit
agent asking for their password, rather than just let any dialog come up and
ask for passwords. This is rather hard if we don't control the PolicyKit agent
in use.

We can't do much about malware creating modal spoofs of the polkit agent (this
is an impossible problem under X11) but can we at least wait until we know the
agent is done spawning before releasing modality on the Xfce dialog?

Question: does the Xfce shutdown dialog need to be re-displayed after a
successful / failed interaction with the agent? Or do we consider that the
agent is in charge of providing feedback on the outcome of the user clicking on
"Hibernate"? Maybe it's better to just remove the dialog at this point.

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Xfce-bugs mailing list