Re: apparently serious keyboard grabbing *SECURITY* issue

[Sam Johnston <samj@xxxxxxxx>]

Matt Chapman wrote:
> This is partly xscreensaver's fault, since it tries to grab the
> keyboard *before* creating its window (and hence rdesktop losing
> focus), and still proceeds after failing to do so.  It doesn't
> happen with the other xlock implementation I've tried (e.g.
> xlockmore), which map their window first.
> 
> Comparing rdesktop's grabbing behaviour to other similar software:
> 
> * vmware grabs the pointer as well as the keyboard, which causes
>   xscreensaver to fail to start altogether.  (Arguably this could
>   be a security problem as well, if people rely on lock-mode to lock
>   their workstations when they walk away.)
> 
> * VNC doesn't grab the keyboard at all.
> 
> I'm happy to change the default to not grab.  Comments?
> 

What would the side effects of this change likely be?

Tried to apply the patches to the debian package tonight but without 
success. The RDP server stuff looks interesting but I'm not sure whether 
it should be integrated in the patches - things would have been much 
simpler had it have been separate.

  - samj