Bug 383052

Summary: KDE allows applications to freeze whole GUI
Product: [Plasma] kwin Reporter: Alain Knaff <kde>
Component: generalAssignee: KWin default assignee <kwin-bugs-null>
Status: RESOLVED NOT A BUG    
Severity: normal Flags: mgraesslin: Wayland-
mgraesslin: X11+
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Debian stable   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Alain Knaff 2017-08-02 15:38:35 UTC 
Currently, Firefox is able to freeze the entire GUI. Not sure how they're doing it, but KDE should not allow such shenanigans. The Window system should protect the applications against each other, whether they are just clumsy or malicious.

The below link points to the report on Mozilla's bugzilla about this issue.
https://bugzilla.mozilla.org/show_bug.cgi?id=1386699
Comment 1 Martin Flöser 2017-08-02 15:42:15 UTC 
Sorry, but I need a little bit more information about the problem than "current Firefox". I don't have access to this Firefox version, thus I cannot investigate.
Comment 2 Martin Flöser 2017-08-02 15:42:45 UTC 
Resetting importance till it's investigated whether there is really a severe issue.
Comment 3 Alain Knaff 2017-08-02 15:43:23 UTC 
52.2.0 (64-bit)
Comment 4 Martin Flöser 2017-08-02 15:46:50 UTC 
This is not a problem in the window manager and also not a problem the window manager can prevent. The X11 protocol allows applications to grab keyboard input. This is a standard feature of any context menu. The general pattern is to release the grab as soon as one clicks outside the context menu. Firefox is not doing that apparently.

I'm sorry, but we cannot do anything about it on X11.
Comment 5 Alain Knaff 2017-08-02 15:50:17 UTC 
> The X11 protocol allows applications to grab keyboard input

However, it's not just the keyboard, but the mouse too.
Comment 6 Alain Knaff 2017-08-02 16:04:26 UTC 
Indeed, it seems to be XGrabKeyboard that they are doing, thanks for the pointer.

The workaround at https://bugs.freedesktop.org/show_bug.cgi?id=21652#c4 succeeds in addressing the issue, without any negative side-effects.

I'm just wondering why such disruptive functions still exist in the X API :-(
Comment 7 Martin Flöser 2017-08-02 18:47:05 UTC 
> I'm just wondering why such disruptive functions still exist in the X API :-(

Because you cannot break it. In fact currently there are proposals to add exactly this to Wayland to allow backward compatibility.
Comment 8 Alain Knaff 2017-08-02 18:54:05 UTC 
>> I'm just wondering why such disruptive functions still exist in the X API :-(
>
> Because you cannot break it.

But *why* can't you remove it? Even screensavers don't depend on this nowadays (just tried it. Start sesson with xgrab.so workaround. Lock Screen. Press Alt-F2. Nope, this *doesn't* bring up a command prompt, screen stays safely locked.)

> In fact currently there are proposals to add exactly this to Wayland to allow backward compatibility.

One more reason not to move over to Wayland... But seriously, what kind of *useful* functionality is this supposed to bring? I mean, useful to the user, not to advertisers, marketers, spammers and scammers...