A system isn't idle by definition below 5 sec. Before it's not possible
to properly determine whether the user is still interacting with the
system or not. Thus such a short timeout is not sufficient to determine
whether the system is idle.
Furthermore allowing short timeouts like 1 msec can be used to gather
information from the system. It would allow to reconstruct the timestamp
changes on the seat very reliable, which we do not want a Client to know.
And also this can be used to get events on each key press and key release
and the time between each of the events. This can be used to gather
statistics which would in worst case allow to reconstruct what the user
is typing. Determining where a word starts and ends should be relatively
straight forward if you know the timing. With the length of the word and
the statistics of alphabetic distribution it becomes possible to
reconstruct some words. And also individual letters. With enough
statistic and some known words one can determine how long it takes to
press a certain letter. At that point the idle interface would be a
keylogger.
To prevent such attacks the timestamp is now modified to be at least
5 sec. Why 5 sec? Because it's the smallest timestamp used in the
KIdleTime example application which I do not want to break.
5 sec are long enough to destroy this possible attack.
REVIEW: 126220
Follows a useful change added in the kwaylandScanner tool the
s_version becomes part of the Private class.
Also fixes the related generation in the tool.
The idle time interface is modelled for the use cases of the KIdleTime
framework to allow providing a Wayland specific implementation.
It supports registering idle timeouts which are triggered on server
side if there has not been any user activity on the seat for the
requested amount of time. Once user activity resumes a resume from idle
signal is emitted.
In additon there is the possibility to simulate user activity which
simulates the resume from idle.
