[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root

At 17:05 04/12/99 +0100, Pavel Kankovsky wrote:
>On Fri, 3 Dec 1999, Andrew Morgan wrote:
>> In general, you bring up a really interesting issue. The whole thing
>> about trusted path. Mmm, could you get around this with a different kind
>> of module and a trusted GUI agent + some crypto?
>How can a trusted GUI agent make sure it talks to a trusted X server?
>How can a person at the terminal make sure he or her talks to a trusted
>GUI agent via a trusted X server?

On a CMW system, this is achieved by modifying the X server so that
there is a reserved area of the screen (sort of like a title bar at
the bottom).  X clients are allowed neither to write to this area, nor
to receive any mouse events from it.  When a user wants to invoke a
trusted client, they click in this reserved area, and that click is
guaranteed to be processed by the trusted X server, which then
invokes the trusted client (actually by means of a trusted intermediary
in our implementation, but that's the essence of it).  When a trusted
client has focus, that fact is indicated in the reserved area, so the
user has confidence that the trusted path is active.

This is a non-trivial modification, but it can be done (although it
hasn't been done on Linux so far, to the best of my knowledge).

As an alternative example, Windows NT allows the user to establish
a trusted path by hitting a reserved key stroke sequence (Ctrl-Alt-Del).
These key strokes are guaranteed to be intercepted by a trusted
process, which then takes over the screen area.  As far as I know,
Windows NT doesn't have any equivalent mechanism to display the fact
that a trusted process currently has focus.

			- Craig.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []