"Ctrl-Alt-Del to login" important for security?
Duncan Anderson
duncangareth at yahoo.co.uk
Wed Mar 1 12:44:01 GMT 2006
On Wednesday, 1 March 2006 13:46, John McCabe-Dansted wrote:
> It seems to me that under the current login system, it would be easy
> for a malicious user to run a "fake login screen" and steal the
> password of the next user who tries to login.
>
> If so this could be solved by having some key combination guarantied
> to open the true login window. E.g. perhaps we could encourage users
> to always do a "Cntl-Alt-Backspace" before logging in (i.e. kill
> current X session) or maybe "Cntl-Alt-F7" if we reserve display:0 for
> kdm/gdm.
>
> --
> John C. McCabe-Dansted
> Master's Student
For a malicious user to do what you suggest, they would have to have write
permission to the display. This raises an interesting point. Which user has
rights to the display before the login occurs?
Once a user has logged in, the xhost command can be used to limit access, but
what about before?
cheers
Duncan
___________________________________________________________
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
More information about the sounder
mailing list