Bug 234362

Summary: Server grab easily bypassed
Product: [Unmaintained] kdm Reporter: David Moreno <dmoreno>
Component: generalAssignee: kdm bugs tracker <kdm-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: normal CC: rdieter
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description David Moreno 2010-04-14 17:49:52 UTC 
Version:            (using KDE 4.3.5)
OS:                Linux
Installed from:    Ubuntu Packages

Server grab is performed on kdm to avoid certain attacks. 

It can be easily bypassed just by opening nay menu (session chooser, for example). Then the X ungrabs the server.

It can be tested opening a virtual keyboard (I tested with klavier, add it as "(sleep 2; klavier ) &" at /etc/kde4/kdm/Xsetup. It should not be usable, but if any menu is opened, it becomes usable.
Comment 1 Oswald Buddenhagen 2010-04-29 01:03:17 UTC 
hmpf. kdm "chases behind" qt to immediately re-grab the inputs once the popups are gone. this worked at some point, so maybe a newer qt broke it. is the ungrab really permanent or is there something you can do (other than restarting the greeter) to make klavier not work again?
Comment 2 Oswald Buddenhagen 2011-05-14 11:31:02 UTC 
works for me with qt 4.7.3, x server 1.9.99.901.
Comment 3 Rex Dieter 2011-05-16 21:12:10 UTC 
on kdm screen,  either using mouse or keyboard to navigate
menu->Shutdown
results in a 
"T_urn of Computer"
"R_estart Computer"
"C_ancel"
dialog that (still) cannot be controlled via keyboard.  It's as if it lacks focus.

Tested on Fedora 15 with qt-4.7.3, kde-4.6.3, x server 1.10.1
Comment 4 Rex Dieter 2012-02-13 14:26:45 UTC 
Per my comment to bug #268988 , adding to /etc/kde/kdm/kdmrc either:
GrabInput=Always
or
GrabServer=true
seems to help the immediate issue for me.