Re: Prompting for passwords on the desktop?

From: "Patryk Zawadzki" <patrys pld-linux org>
To: "Gustavo J. A. M. Carneiro" <gjc inescporto pt>
Cc: stef memberwebs com, "desktop-devel-list gnome org" <desktop-devel-list gnome org>, Brian Cameron <Brian Cameron sun com>
Subject: Re: Prompting for passwords on the desktop?
Date: Fri, 19 Sep 2008 14:58:28 +0200

On Fri, Sep 19, 2008 at 2:50 PM, Gustavo J. A. M. Carneiro
<gjc inescporto pt> wrote:
> On Fri, 2008-09-19 at 13:09 +0200, Patryk Zawadzki wrote:
>> I believe the goal is to use some uncatchable keyboard sequence a'la
>> Windows' secure auth (Ctrl+Alt+Del).
> This is kind of silly; I have to type a complex keyboard combination in
> order to input a password?  That is annoying.  Additionally, switching
> VTs in Linux is usually slow; more annoyance.  Expect some resistance on
> this "feature".

It's not for regular users, it's for environments with strict security
policies and is the only way to ensure you are not typing the password
into a spoofed prompt. The idea is to ask the user to manually invoke
a "system break" that can't be captured programmatically to guarantee
that the password prompt served by the underlying system, not by some
random program (all non-privileged app GUIs are hidden for the time
and all the grabs are temporarily disabled). I hope you understand
that user-initiated super-grab is the only secure way to input
anything (remember you have no control over other processes running in
the userspace and have to assume they are all malicious).

-- 
Patryk Zawadzki

References:
- Prompting for passwords on the desktop?
  - From: Stef
- Re: Prompting for passwords on the desktop?
  - From: Brian Cameron
- Re: Prompting for passwords on the desktop?
  - From: Gustavo J. A. M. Carneiro
- Re: Prompting for passwords on the desktop?
  - From: Patryk Zawadzki
- Re: Prompting for passwords on the desktop?
  - From: Gustavo J. A. M. Carneiro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]