Re: Prompting for passwords on the desktop?

On Fri, Sep 19, 2008 at 12:42 PM, Gustavo J. A. M. Carneiro
<gjc inescporto pt> wrote:
> Someone who has gained a user privilege could possibly show a fake
> password input dialog that looks exactly like a "real" password prompt,
> thereby learning the root password.
> Same thing with VT swiching.  It shouldn't be hard to make the it look
> like we are switching VT from a simple X11 program running as the user.
> If the local user account has been compromised it seems to me that all
> hope is lost.  So I don't really see the point of all this Trusted Path
> complexity.
> But I'm no security expert; I might be missing something.

I believe the goal is to use some uncatchable keyboard sequence a'la
Windows' secure auth (Ctrl+Alt+Del).

Patryk Zawadzki

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]