Re: Questions about PAM, GDM and gnome-screensaver



Hey,

On Dec 20, 2007 1:57 PM, Brian Cameron <Brian Cameron sun com> wrote:
> > But that doesn't fulfill the requirements of a trusted path alone.
> > How do you prevent snooping and trojans for example.
>
> Ideally the lock screen should grab server to avoid snooping.  Since
> the process doesn't run as the user, and with GrabServer, it should
> not be possible to snoop.
>
> This doesn't, as you say, protect against trojans.  I think this is a
> separate problem than Trusted Path, and one that requires some
> consideration.

In my opinion, this entire discussion is academic unless you can
protect against trojans.  To me, that is the essence of a trusted
path.  If the user has no way of knowing what is trustworthy what is
the point?  What is the point of protecting against snooping and
requiring all sorts of stuff to run at a higher privilege if any
program can pop up a password prompt at any time (and no one can tell
the difference)?  And visual cues don't cut it either since they can
be spoofed just the same.

Your definition of trusted path may work for command line programs and
login but doesn't really make sense to me for graphical applications.

Windows solves this by using the C-A-Del keybinding.

Jon


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]