Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

Nicolas Mailhot Nicolas.Mailhot at laPoste.net
Tue Jul 13 08:32:02 PDT 2004


On Tue, 13/07/2004 at 18:07 +0300, Ely Levy wrote:
> On Tue, 13 Jul 2004, Nicolas Mailhot wrote:
> 
> > On Tue, 13/07/2004 at 10:06 -0400, Sean Middleditch wrote:
> >
> > > This is why Windows has the "Push ctrl-alt-delete to login" window on
> > > most corporate workstations.  The kernel and _only_ the kernel can catch
> > > and process ctrl-alt-delete.
> >
> > Assuming the link from the keyboard to the computer and from the
> > computer to the screen is safe (which in the brave new wireless world is
> > less and less true)
> 
> > A minimalist security feature would probably be for the system to ack
> > local logins with a passphrase the user entered when his account was
> > created. It would not protect against interception but at least you'd
> > know the real system was in the loop somewhere.
> 
> And someone would just peek over your shoulder and see it?

Actually I'd be more worried about malware that initiates a connection,
saves the token and replays it later (in this case -> logs ?). If you
have physical access you can usually get most people to enter their pass in
slow-mo (suitable for shoulder-peeking) just by jamming one of the keys
they use (for example: caps lock).

Anyway this illustrates my point - without some input hardware help
securing login is a lot of work for very weak assurances.

Cheers,

-- 
Nicolas Mailhot