From sochotnicky at redhat.com Fri Apr 16 16:45:22 2010 From: sochotnicky at redhat.com (Stanislav Ochotnicky) Date: Fri, 16 Apr 2010 16:45:22 +0200 Subject: [PATCH] Fix pinentry-gtk-2 SIGSEGV when unfocusing with -g argument Message-ID: <4BC87802.3010507@redhat.com> Hi everyone, I am including a fix for pinentry-gtk-2 SIGSEGV bug when using --no-global-grab option. gdk_window_set_transient_for cannot be used with parent = NULL to unset transient hint (unlike gtk_ version which can). Replacement code is taken from gtk_window_transient_parent_unrealized Applied cleanly at least over 0.8.0 and 0.7.6 More info see: https://bugzilla.redhat.com/show_bug.cgi?id=520236 -- Stanislav Ochotnicky Associate Software Engineer - Base Operating Systems Brno Mobile: +420 775 633 759 Red Hat Inc. http://cz.redhat.com -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Fix-pinentry-gtk-2-SIGSEGV-when-unfocusing-with-g-ar.patch URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 261 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Mon Apr 19 13:27:32 2010 From: wk at gnupg.org (Werner Koch) Date: Mon, 19 Apr 2010 13:27:32 +0200 Subject: [PATCH] Fix pinentry-gtk-2 SIGSEGV when unfocusing with -g argument In-Reply-To: <4BC87802.3010507@redhat.com> (Stanislav Ochotnicky's message of "Fri, 16 Apr 2010 16:45:22 +0200") References: <4BC87802.3010507@redhat.com> Message-ID: <87wrw3iswr.fsf@vigenere.g10code.de> On Fri, 16 Apr 2010 16:45, sochotnicky at redhat.com said: > I am including a fix for pinentry-gtk-2 SIGSEGV bug when using > --no-global-grab option. Thanks. Applied to trunk. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From sochotnicky at redhat.com Mon Apr 26 14:31:02 2010 From: sochotnicky at redhat.com (Stanislav Ochotnicky) Date: Mon, 26 Apr 2010 14:31:02 +0200 Subject: pinentry-gtk-2 SIGABRT when unable to grab keyboard Message-ID: <4BD58786.3030608@redhat.com> Hi, we received quite a few bugreports about pinentry-gtk-2 abort-ing when it's unable to grab keyboard. See: https://bugzilla.redhat.com/show_bug.cgi?id=554884 I can see why we should be careful when unable to grab keyboard (passphrase sniffing, accidental input of passphrase to wrong window etc). But I am also wondering if we can make this better, because let's face it...crashing on users is not OK under normal circumstances. And pinentry can be used in situations when it cannot grab keyboard immediately but has to wait a bit... Code causing behaviour in question: if (gdk_keyboard_grab (win->window, FALSE, gdk_event_get_time (event))) g_error ("could not grab keyboard"); Abort happens in function grab_keyboard and can quite easily be reproduced by doing following (from bug #554884): 1. execute echo getpin | pinentry-gtk-2 2. change to another workspace using mouse (keyboard is grabbed) 3. change back to previous workspace using keyboard shortcut I believe changing workspace should not cause pinentry-gtk-2 to abort because this could be used for example to change to workspace with password manager program. There are also other ways to trigger this behaviour. I can think of either gracefully exiting pinentry-gtk-2, or even better...provide some sort of visual clue that there is a problem with grabbing keyboard and that user should not start typing their password yet. Myabe I missed some aspect of the problem entirely, so feel free to enlighten me. Regards, -- Stanislav Ochotnicky Associate Software Engineer - Base Operating Systems Brno Mobile: +420 775 633 759 Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: From wk at gnupg.org Mon Apr 26 18:08:28 2010 From: wk at gnupg.org (Werner Koch) Date: Mon, 26 Apr 2010 18:08:28 +0200 Subject: pinentry-gtk-2 SIGABRT when unable to grab keyboard In-Reply-To: <4BD58786.3030608@redhat.com> (Stanislav Ochotnicky's message of "Mon, 26 Apr 2010 14:31:02 +0200") References: <4BD58786.3030608@redhat.com> Message-ID: <87iq7edwn7.fsf@vigenere.g10code.de> On Mon, 26 Apr 2010 14:31, sochotnicky at redhat.com said: > Code causing behaviour in question: > if (gdk_keyboard_grab (win->window, FALSE, gdk_event_get_time (event))) > g_error ("could not grab keyboard"); The g_error causes the abort. This is probably because the function name g_error does not indicate that this is fatal. It would have been much better if the gtk folks would have named this g_fatal or g_die. I stepped into this trap several times in the past. Anyway I changed it so that the output will be OK Your orders please ** (pinentry-gtk-2:20766): CRITICAL **: could not grab keyboard ERR 83886179 canceled > I believe changing workspace should not cause pinentry-gtk-2 to abort > because this could be used for example to change to workspace with > password manager program. There are also other ways to trigger this It is actually intended that you can't use a password manager - gpg-agent is the password manager! If it would be possible to cut and paste between windows other programs could do this as well; we try to make this harder by grabbing the keyboard. Put "no-grab" into gpg-agent.conf if you don't like this feature. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. From marcus.brinkmann at ruhr-uni-bochum.de Mon Apr 26 21:28:21 2010 From: marcus.brinkmann at ruhr-uni-bochum.de (Marcus Brinkmann) Date: 26 Apr 2010 21:28:21 +0200 Subject: pinentry-gtk-2 SIGABRT when unable to grab keyboard In-Reply-To: <87iq7edwn7.fsf@vigenere.g10code.de> References: <4BD58786.3030608@redhat.com> <87iq7edwn7.fsf@vigenere.g10code.de> Message-ID: <4BD5E955.9060901@ruhr-uni-bochum.de> On 04/26/2010 06:08 PM, Werner Koch wrote: > It is actually intended that you can't use a password manager - > gpg-agent is the password manager! gpg-agent can cache passphrases, but it does not commit them to persistent storage, and also does not provide a wallet-like functionality. If it is intended to replace those, we should add these features. Thanks, Marcus From sochotnicky at redhat.com Tue Apr 27 16:36:24 2010 From: sochotnicky at redhat.com (Stanislav Ochotnicky) Date: Tue, 27 Apr 2010 16:36:24 +0200 Subject: [PATCH] pinentry-gtk-2: Fix ERROR: could not grab keyboard Message-ID: <20100427143624.GB20174@dhcp-30-74.brq.redhat.com> First let me note that this patch is probably not ideal, but it solves problems people in some window managers have with pinentry-gtk-2. Feel free to tear it apart, I can modify it if you have better solution. This is basically a workaround. In some cases when pinentry-gtk-2 received map-event but the window was not actually created yet. This has been true especially in *box window managers which caused pinentry-gtk to cancel dialog with error message. This patch adds 50ms timer before actually trying to grab keyboard. Simple tests showed that this is enough to fix grabbing failure and 50ms should be fast enought to prevent sniffing of keyboard input. --- gtk+-2/pinentry-gtk-2.c | 21 +++++++++++++-------- 1 files changed, 13 insertions(+), 8 deletions(-) diff --git a/gtk+-2/pinentry-gtk-2.c b/gtk+-2/pinentry-gtk-2.c index d4be09e..2b06ef5 100644 --- a/gtk+-2/pinentry-gtk-2.c +++ b/gtk+-2/pinentry-gtk-2.c @@ -127,20 +127,25 @@ make_transient (GtkWidget *win, GdkEvent *event, gpointer data) gdk_window_set_transient_for (win->window, root); } +static int grab_keyboard(void *win) +{ + if (gdk_keyboard_grab (((GtkWidget*)win)->window, FALSE, GDK_CURRENT_TIME)) + { + g_critical ("could not grab keyboard"); + grab_failed = 1; + gtk_main_quit (); + } + return FALSE; +} /* Grab the keyboard for maximum security */ static void -grab_keyboard (GtkWidget *win, GdkEvent *event, gpointer data) +grab_keyboard_timed (GtkWidget *win, GdkEvent *event, gpointer data) { if (! pinentry->grab) return; - if (gdk_keyboard_grab (win->window, FALSE, gdk_event_get_time (event))) - { - g_critical ("could not grab keyboard"); - grab_failed = 1; - gtk_main_quit (); - } + g_timeout_add(50, grab_keyboard, win); } @@ -311,7 +316,7 @@ create_window (int confirm_mode) g_signal_connect (G_OBJECT (win), pinentry->grab ? "map-event" : "focus-in-event", - G_CALLBACK (grab_keyboard), NULL); + G_CALLBACK (grab_keyboard_timed), NULL); g_signal_connect (G_OBJECT (win), pinentry->grab ? "unmap-event" : "focus-out-event", G_CALLBACK (ungrab_keyboard), NULL); -- 1.6.6.1 -- Stanislav Ochotnicky Associate Software Engineer - Base Operating Systems Brno Mobile: +420 775 633 759 Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available URL: From sochotnicky at redhat.com Tue Apr 27 17:26:09 2010 From: sochotnicky at redhat.com (Stanislav Ochotnicky) Date: Tue, 27 Apr 2010 17:26:09 +0200 Subject: [PATCH] pinentry-gtk-2: Fix ERROR: could not grab keyboard In-Reply-To: <20100427143624.GB20174@dhcp-30-74.brq.redhat.com> References: <20100427143624.GB20174@dhcp-30-74.brq.redhat.com> Message-ID: <4BD70211.3040508@redhat.com> On 04/27/2010 04:36 PM, Stanislav Ochotnicky wrote: > This patch adds 50ms timer before actually trying to grab > keyboard. Simple tests showed that this is enough to fix grabbing > failure and 50ms should be fast enought to prevent sniffing of > keyboard input. Now that I think about it...maybe it would be best if we kept trying to grab keyboard every X ms until we get it? Meanwhile if pinentry is configured to use global grab and we don't have it yet, display BIG RED WARNING. pinentry is not long running application so this should not have that significant impact on performance...what do you think? -- Stanislav Ochotnicky Associate Software Engineer - Base Operating Systems Brno Mobile: +420 775 633 759 Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: From kp2010 at koospol.nl Tue Apr 27 20:24:01 2010 From: kp2010 at koospol.nl (Koos Pol) Date: Tue, 27 Apr 2010 20:24:01 +0200 Subject: pinentry-gtk-2 SIGABRT when unable to grab keyboard In-Reply-To: <87iq7edwn7.fsf@vigenere.g10code.de> References: <4BD58786.3030608@redhat.com> <87iq7edwn7.fsf@vigenere.g10code.de> Message-ID: <201004272024.01954.kp2010@koospol.nl> On maandag 26 april 2010, Werner Koch wrote: > It is actually intended that you can't use a password manager - > gpg-agent is the password manager! If it would be possible to cut and > paste between windows other programs could do this as well; we try to > make this harder by grabbing the keyboard. Put "no-grab" into > gpg-agent.conf if you don't like this feature. I miss this dearly. I'd like to use strong passwords generated by KeepassX, but the inability to copy/paste makes this impossible. Hence I use one easy to remember password for all my keys. If there is any way around, I'd want to be the first to know :-) Cheers, Koos -- http://www.malarianomore.org For $10 a mosquito net + distribution + education + monitoring + evaluation. From lists at edman007.com Tue Apr 27 23:10:17 2010 From: lists at edman007.com (Ed Martin) Date: Tue, 27 Apr 2010 17:10:17 -0400 Subject: [PATCH] pinentry-gtk-2: Fix ERROR: could not grab keyboard In-Reply-To: <4BD70211.3040508@redhat.com> References: <20100427143624.GB20174@dhcp-30-74.brq.redhat.com> <4BD70211.3040508@redhat.com> Message-ID: I already fixed this and submitted it to the list long ago (and i'm not about to search for it), it got lost to the spam and never committed. The problem is X does send an event when the window is visible (instead of just mapped) but gtk does not offer this signal by default, and the keyboard needs to be grabbed when it is visible. Debian's list was not full of spam and has already accepted my patch. Anyways, a like to a patch that addresses the problem instead of fixing it. http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;bug=401957 Maybe someone can commit it upstream this time. On Apr 27, 2010, at 11:26 AM, Stanislav Ochotnicky wrote: > On 04/27/2010 04:36 PM, Stanislav Ochotnicky wrote: >> This patch adds 50ms timer before actually trying to grab >> keyboard. Simple tests showed that this is enough to fix grabbing >> failure and 50ms should be fast enought to prevent sniffing of >> keyboard input. > > Now that I think about it...maybe it would be best if we kept trying to > grab keyboard every X ms until we get it? Meanwhile if pinentry is > configured to use global grab and we don't have it yet, display BIG RED > WARNING. pinentry is not long running application so this should not > have that significant impact on performance...what do you think? > > -- > Stanislav Ochotnicky > Associate Software Engineer - Base Operating Systems Brno > > Mobile: +420 775 633 759 > Red Hat Inc. http://cz.redhat.com > > > _______________________________________________ > Gpa-dev mailing list > Gpa-dev at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gpa-dev From sochotnicky at redhat.com Wed Apr 28 09:55:55 2010 From: sochotnicky at redhat.com (Stanislav Ochotnicky) Date: Wed, 28 Apr 2010 09:55:55 +0200 Subject: [PATCH] pinentry-gtk-2: Fix ERROR: could not grab keyboard In-Reply-To: References: <20100427143624.GB20174@dhcp-30-74.brq.redhat.com> <4BD70211.3040508@redhat.com> Message-ID: <4BD7EA0B.7020600@redhat.com> On 04/27/2010 11:10 PM, Ed Martin wrote: > I already fixed this and submitted it to the list long ago (and i'm not about to search for it), it got lost to the spam and never committed. The problem is X does send an event when the window is visible (instead of just mapped) but gtk does not offer this signal by default, and the keyboard needs to be grabbed when it is visible. Debian's list was not full of spam and has already accepted my patch. Well, the list doesn't seem to be full with spam anymore so maybe you'll be more lucky :-) > Anyways, a like to a patch that addresses the problem instead of fixing it. > > http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=27;bug=401957 > > Maybe someone can commit it upstream this time. I have verified that debian patch, it works even for trunk and fixes problems with *box WMs. So this patch actually addresses the issue instead of creating workaround. If you use any patch for this, I suggest you use debian patch and not my workaround. -- Stanislav Ochotnicky Associate Software Engineer - Base Operating Systems Brno Mobile: +420 775 633 759 Red Hat Inc. http://cz.redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: