Re: Proposal for inclusion in desktop: gnome-screensaver



Of course, there's no way to know that the gdm login dialog itself isn't
a trojan horse being run by the logged-in user either.  You'd need a
scheme whereby the login dialog first authenticates itself to the user
before the user types in the password to avoid that, or a button you
press before the login screen presents itself which is intercepted at
the kernel level to cause the one true login prompt to appear.  Either
way, simply presenting a fake trojaned gdm window would probably still
work, since if the gdm window for some reason won't authenticate itself
or for some reason they didn't need to type the escape sequence that one
time, the user would probably type his password anyway.

Alternatively, you could try to design the display system in such a way
as to make it impossible to make something that looks like a login
dialog using the APIs available to unprivileged users.  Maybe a 50 pixel
strip at the top of the screen which can only be drawn on by the system
login and unlock prompts.  Good luck with that one.

The moral of the story is you're screwed on multi-user terminals.

-Rob

On Wed, 2005-10-26 at 12:22 -0400, Dan Winship wrote:
> Rodney Dawes wrote:
> > 3. Unlocking the screen with the root password should do the same as
> > choosing switch users, and logging in as root. Not doing so is a privacy
> > and security issue, as it may allow root access to remote hosts, that
> > root normally does not have access to.
> 
> Typing the root password into gnome-screensaver (when a non-root user is 
> logged in) should not do anything special at all, because the 
> administrator has no way of knowing that the "unlock dialog" isn't 
> really a trojan horse being run by the logged-in user, and so we really 
> shouldn't give him any reason to type the root password into it.
> 
> -- Dan



