Re: Prompting for passwords on the desktop?

From: "Patryk Zawadzki" <patrys pld-linux org>
To: "Gustavo J. A. M. Carneiro" <gjc inescporto pt>
Cc: stef memberwebs com, "desktop-devel-list gnome org" <desktop-devel-list gnome org>, Brian Cameron <Brian Cameron sun com>
Subject: Re: Prompting for passwords on the desktop?
Date: Fri, 19 Sep 2008 13:09:55 +0200

On Fri, Sep 19, 2008 at 12:42 PM, Gustavo J. A. M. Carneiro
<gjc inescporto pt> wrote:
> Someone who has gained a user privilege could possibly show a fake
> password input dialog that looks exactly like a "real" password prompt,
> thereby learning the root password.
>
> Same thing with VT swiching.  It shouldn't be hard to make the it look
> like we are switching VT from a simple X11 program running as the user.
>
> If the local user account has been compromised it seems to me that all
> hope is lost.  So I don't really see the point of all this Trusted Path
> complexity.
>
> But I'm no security expert; I might be missing something.

I believe the goal is to use some uncatchable keyboard sequence a'la
Windows' secure auth (Ctrl+Alt+Del).

-- 
Patryk Zawadzki

Follow-Ups:
- Re: Prompting for passwords on the desktop?
  - From: Gustavo J. A. M. Carneiro
- Re: Prompting for passwords on the desktop?
  - From: Stef

References:
- Prompting for passwords on the desktop?
  - From: Stef
- Re: Prompting for passwords on the desktop?
  - From: Brian Cameron
- Re: Prompting for passwords on the desktop?
  - From: Gustavo J. A. M. Carneiro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]