"Ctrl-Alt-Del to login" important for security?
Tristan Wibberley
maihem at maihem.org
Wed Mar 1 22:12:25 GMT 2006
Eduard Giménez wrote:
> Anyway, any computer which is physically accessible is vulnerable (you
> can always steal the HD and work at home ;)).
You can pull a hard disk out through the keyboard or monitor? I'd love
to see that party trick - it'd be better than taking your underpants off
without taking your trousers off first :)
A keyboard is only connected to the computer by a cable, just like any
network terminal, so I don't see the difference between network shell
security and console security.
> But with the current system how will you force a user to do some kind
> of key-combination?
>
> I mean, by default we can force the user to do it, but it won't stop a
> malicious user from launching a full screen gdm-like program. Probably the
> victim user will not press the key combination if he's not prompted to
> do it, and the malicious user is not going to prompt for it. So we are
> at the same point.
This can only be done by having the console or X server recognise when a
trusted binary (running as root) is displaying full screen, not allowing
any other programs to display over the top of it, and not passing
keyboard/mouse input on to any other windows - then making a user
interface change that cannot be duplicated by a non-privileged program.
--
Tristan Wibberley