Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Keyboard not being recaptured after passing special keys with --special-passthrough #252

Closed
SafwanLjd opened this issue Feb 3, 2022 · 9 comments
Closed

Keyboard not being recaptured after passing special keys with --special-passthrough #252

SafwanLjd opened this issue Feb 3, 2022 · 9 comments
Labels
bug

Comments

@SafwanLjd
Copy link

SafwanLjd commented Feb 3, 2022
edited
Loading

This issue is a....

[x] Bug
[ ] Other kind of issue (Please describe in detail)

Current Behavior

slightly after using one of the "special keys" (i.e. the volume keys), you get the ability to pass any key, if you use the shortcut keys to launch another program that requests the focus, like a terminal, you'll be able to run commands, i.e. pkill i3lock

Expected Behavior

This shouldn't happen

Reproduction Instructions

Here is a demonstration where I'm using sxhkd to bind "Super + Enter" to launch Alacritty
screenrecord

Environment

Output of i3lock --version:
i3lock: version aur-ac6b471 (2022-01-25)

Where'd you get i3lock-color from?

[x] AUR package (i3lock-color-git)
[ ] Built from source yourself
[ ] Other (Please describe in detail)
@JezerM
Copy link

JezerM commented Feb 3, 2022

Certainly, I was expecting something related to --special-passtrough, but not like this. It's weird that i3lock doesn't regain its keyboard control... I'll have to check it.

@JezerM
Copy link

JezerM commented Feb 3, 2022

Does this happens only with volume keys? Or brightness and media keys too?

@SafwanLjd
Copy link
Author

SafwanLjd commented Feb 3, 2022
edited
Loading

It happens with all the "special" keys, I just used the volume keys as an example

@JezerM
Copy link

JezerM commented Feb 3, 2022

Also, does this only happens with sxhkd? Have you tested other Window Managers/Desktop Environments where this issue occurs?

@SafwanLjd
Copy link
Author

I haven't, since that's the only environment I use... but sxhkd is the most popular stand-alone hotkey daemon, so it'd be a big deal even if it's just that

@JezerM
Copy link

JezerM commented Feb 3, 2022

I can confirm this happens with sxhkd and dwm.

@Raymo111 Raymo111 added the bug label Feb 3, 2022
@Raymo111
Copy link
Owner

Raymo111 commented Feb 4, 2022

Oh dear. @SafwanLjd thanks for reporting this, @JezerM please fix this as soon as you can, I'm gonna wait until that happens to release a new version.

@Raymo111 Raymo111 changed the title Security risk with --special-passthrough Keyboard not being recaptured after --special-passthrough Feb 4, 2022
@Raymo111 Raymo111 changed the title Keyboard not being recaptured after --special-passthrough Keyboard not being recaptured after passing special keys with --special-passthrough Feb 4, 2022
@JezerM
Copy link

JezerM commented Feb 4, 2022

For now, this feature had to be reverted.

@Raymo111 Raymo111 mentioned this issue Feb 4, 2022
Merged
@Raymo111
Copy link
Owner

Raymo111 commented Feb 4, 2022

Feat reverted due to the same vuln being present on KDE (and this probably everywhere the flag is used).

@Raymo111 Raymo111 closed this as completed Feb 4, 2022
@Raymo111 Raymo111 mentioned this issue Feb 4, 2022
Closed
igemnace added a commit to igemnace/scripts that referenced this issue Mar 2, 2022
@igemnace
Remove --special-passthrough for i3lock-color
1c5f388 
There exists a vulnerability around --special-passthrough (not
surprising, because of how hairy the nature of the feature is). It has
been reverted upstream, so I remove it from my lockscreen script.

See Raymo111/i3lock-color#252.
@JezerM JezerM mentioned this issue Jul 21, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Raymo111 @SafwanLjd @JezerM