Closed GoogleCodeExporter closed 9 years ago
Attached a quick patch to fix this issue. Please make sure `pkg-config
--modversion ibus-1.0` is 1.5.4 or higher before you rebuild ibus-mozc with
this patch. The patch relies on the compile-time version check and is not
functional when you rebuild ibus-mozc with IBus 1.5.3 or prior.
IMPORTANT:
If you are using ibus-mozc with IBus 1.5.4+ and Gnome Shell 3.9.2+, I strongly
recommend you to apply this patch. Otherwise, anyone can use ibus-mozc on the
Gnome Shell's locked screen, meaning that an arbitrary person is able to do the
following things while you are away from your desk.
- See your private information that come from your user dictionary entry and/or
input history.
- Update your input history.
- Change config settings via "Command" feature.
Unfortunately, so far it is seems to be hard for us to prevent someone from
clicking menu items such as "Properties", "Dictionary Tool", "Add Word",
"Handwriting", "Character Palette", and "About Mozc" that are still shown in
the menu even when the screen is locked. Fortunately, he/she is not able to use
the launched tools because these tools are yet visible only from the original
desktop. So the risk of remaining issues is considered to be not so high at the
moment.
Original comment by yukawa@google.com
on 30 Sep 2013 at 6:54
Attachments:
Revised the patch as 'ibus-mozc_support_ibus-1.5.4_rev2.diff' so that you can
apply the patch at the top source directory. There is no behavioral change
between 'ibus-mozc_support_ibus-1.5.4.diff' and
'ibus-mozc_support_ibus-1.5.4_rev2.diff'.
Original comment by yukawa@google.com
on 1 Oct 2013 at 6:16
Attachments:
r178 contains this fix.
Original comment by yukawa@google.com
on 6 Nov 2013 at 11:49
Original issue reported on code.google.com by
yukawa@google.com
on 21 Sep 2013 at 12:43