Announcing Fedora 11 Alpha (blink)
Bill Crawford
billcrawford1970 at gmail.com
Mon Feb 9 16:01:14 UTC 2009
On Monday 09 February 2009 15:48:32 Fulko Hew wrote:
> On Mon, Feb 9, 2009 at 10:37 AM, Chuck Anderson <cra at wpi.edu> wrote:
> > On Mon, Feb 09, 2009 at 10:34:16AM -0500, Adam Jackson wrote:
> > > If someone can come up with a scenario where you really need zap, and
> > > not just vt switch and/or logout dialog, I'm eager to hear it. If you
> > > can come up with one that isn't "some broken application took a server
> > > grab and won't give it back", I'll even be interested.
> >
> > It serves as a Secure Attention Key--a way to assure that you are
> > getting the "real" login screen and not a trojan that is trying to
> > capture your login password.
>
> Following that thread of logic...
>
> How would I know that the 'secure attention key' hadn't also been
> trojan'ed?
Because if it's handled directly in the X server, and not the DE, it can only be
trojanned by replacing the X server itself, and at which point all bets are off
anyway. As long as the server itself isn't replaced, you know the key sequence
is useful.
The problem now is that someone can grab that key combo and fake a login
screen :o)
A more effective way might be the Alt-SysRq-K sequence, if Alt-SysRq is enabled
(but that was disabled by default for some time now).
More information about the fedora-test-list
mailing list