ogata0916 / mozc

Automatically exported from code.google.com/p/mozc

[IBus 1.5.4][Security] ibus-mozc must be locked down on the Gnome Shell's locked screen #199

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
According to the following thread, ibus-mozc should support 
IBus.InputPurpose.PASSWORD so that IME can be disabled even when an application 
simply puts GTK+ "input purpose" as PASSWORD instead of explicitly disabling 
IME.

https://groups.google.com/forum/#!topic/ibus-user/mvCHDO1BJUw

>> 1. Is there any user-visible problem expected when an engine doesn't support IBus "input purpose", especially on gnome-shell password dialog?
> If the engine does not support the input purpose, the typed chars are shown on the password entry.
> And in case that engine is Japanese, Hiragana on preedit may be shown on preedit by default.

>> 2. Why was it OK for an engine to do nothing when it works with IBus 1.5.3 and prior?
> 1.5.2 or lower do not handle the input purpose so the typed chars are shown as the bug.
> 1.5.3 returns FALSE when the input purpose is password in IBus GTK+ IM modules instead of sending the key events to IBus engines so the problem does not appear.
> 1.5.4 adds the class method of set_content_type() in IBusEngine and IBus GTK+ IM modules send the input purpose to engines.

Original issue reported on code.google.com by yukawa@google.com on 21 Sep 2013 at 12:43
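
The engine-side behaviour this report asks for, as an added sketch that is not part of the original thread and not Mozc or IBus code: a toy engine receives the input purpose through a set_content_type-style callback and, while the purpose is PASSWORD, stops composing and never updates input history. `ToyEngine`, `InputPurpose` and the `toy_*` functions are hypothetical stand-ins, not the IBus types.

```c
#include <stdbool.h>
#include <string.h>

/* Local stand-in for the IBus input-purpose enum (assumption: only the two
 * values this sketch needs; the real type comes from the IBus headers). */
typedef enum { PURPOSE_FREE_FORM, PURPOSE_PASSWORD } InputPurpose;

typedef struct {
    InputPurpose purpose;  /* last value delivered via set_content_type */
    char preedit[32];      /* composition text that would be shown on screen */
    int history_writes;    /* how many times input history was updated */
} ToyEngine;

static bool engine_locked_down(const ToyEngine *e) {
    return e->purpose == PURPOSE_PASSWORD;
}

/* Models the set_content_type() class method: entering a password context
 * discards any pending composition so nothing stays visible. */
void toy_set_content_type(ToyEngine *e, InputPurpose purpose) {
    e->purpose = purpose;
    if (engine_locked_down(e))
        e->preedit[0] = '\0';
}

/* Models process_key_event(): returns true when the engine consumed the key.
 * In a password context it returns false without touching preedit or
 * history, so the toolkit handles the key itself. */
bool toy_process_key_event(ToyEngine *e, char key) {
    if (engine_locked_down(e))
        return false;
    size_t n = strlen(e->preedit);
    if (key == '\n') {                  /* commit: engine learns from input */
        if (n > 0) e->history_writes++;
        e->preedit[0] = '\0';
    } else if (n + 1 < sizeof e->preedit) {
        e->preedit[n] = key;            /* keep composing */
        e->preedit[n + 1] = '\0';
    }
    return true;
}

int main(void) {
    ToyEngine e = { PURPOSE_FREE_FORM, "", 0 };
    toy_process_key_event(&e, 'k');              /* normal field: composing */
    toy_set_content_type(&e, PURPOSE_PASSWORD);  /* focus moves to password entry */
    return toy_process_key_event(&e, 'a') ? 1 : 0;  /* key must not be consumed */
}
```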

GoogleCodeExporter commented 9 years ago
Attached a quick patch to fix this issue. Please make sure `pkg-config 
--modversion ibus-1.0` is 1.5.4 or higher before you rebuild ibus-mozc with 
this patch. The patch relies on the compile-time version check and is not 
functional when you rebuild ibus-mozc with IBus 1.5.3 or prior.

IMPORTANT:
If you are using ibus-mozc with IBus 1.5.4+ and Gnome Shell 3.9.2+, I strongly 
recommend that you apply this patch. Otherwise, anyone can use ibus-mozc on the 
Gnome Shell's locked screen, meaning that an arbitrary person is able to do the 
following things while you are away from your desk.
- See your private information that comes from your user dictionary entry and/or 
input history.
- Update your input history.
- Change config settings via "Command" feature.

Unfortunately, so far it seems to be hard for us to prevent someone from 
clicking menu items such as "Properties", "Dictionary Tool", "Add Word", 
"Handwriting", "Character Palette", and "About Mozc" that are still shown in 
the menu even when the screen is locked. Fortunately, he/she is not able to use 
the launched tools because these tools are yet visible only from the original 
desktop. So the risk of remaining issues is considered to be not so high at the 
moment.

Original comment by yukawa@google.com on 30 Sep 2013 at 6:54


GoogleCodeExporter commented 9 years ago
Revised the patch as 'ibus-mozc_support_ibus-1.5.4_rev2.diff' so that you can 
apply the patch at the top source directory. There is no behavioral change 
between 'ibus-mozc_support_ibus-1.5.4.diff' and 
'ibus-mozc_support_ibus-1.5.4_rev2.diff'.

Original comment by yukawa@google.com on 1 Oct 2013 at 6:16


GoogleCodeExporter commented 9 years ago
r178 contains this fix.

Original comment by yukawa@google.com on 6 Nov 2013 at 11:49