[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: trust [was Re: Open Xlock as root]


On Fri, Dec 10, 1999 at 11:41:13PM +0100, Pavel Kankovsky wrote:
> The reason lies in the basic function of xlock rather than in some
> convenience feature. Let's assume I am a user and I want to leave my
> terminal for a few minutes. I lock it with xlock. As soon as I leave the
> room, Marvin, my sworn enemy (I apologize to all real Marvins out there),
> approaches the terminal and makes it reboot (I bet terminals not allowing
> persons in its vicinity to play with their power plugs are quite rare).
> When the terminal restarts, Marvin logs on, runs his special version of
> xlock, and leaves. I return, enter my password...I hope you can guess the
> rest of the story. This means even the passwords of mortals should be
> supplied to a trusted program via a trusted path.  This means a
> substantial part of xlock should be trusted. QED.

Trusted xlock doesn't help you much in this scenario.
You need a complete trusted infrastructure to be sure that you aren't dealing
with a malicious program looking like xlock.
We've already heard on this list about "trusted" area in the screen.  Such
major additions are strictly necessary for any trusted operations in Xwindow
environment.  So it's a problem of a far future.

The real thing which can be easily done today is to teach users to use
`vlock -a' rather than xlock.  I've never used xlock since once I saw an
unlocked terminal with a nice message about segmentation fault in xlock when
I came from lunch.

Teaching vlock to verify administrator's password too will be an easy and
reliable change.

Best wishes

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []