[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: trust [was Re: Open Xlock as root]



On Sat, 11 Dec 1999, Savochkin Andrey Vladimirovich wrote:

> Trusted xlock doesn't help you much in this scenario.
> You need a complete trusted infrastructure to be sure that you aren't dealing
> with a malicious program looking like xlock.

Sure. The trusted infrastructure is necessary, and it we will not have
it tomorrow. I wanted to demonstrate that if we had the infrastructure
and could solve the -allowroot problem in a secure way, we should make
the screen-locking app trusted as well.

> The real thing which can be easily done today is to teach users to use
> `vlock -a' rather than xlock.  I've never used xlock since once I saw an
> unlocked terminal with a nice message about segmentation fault in xlock when
> I came from lunch.

What makes vlock resistant to the attack I described (reminder: use a big
hammer to terminate the locked session and run your own "bugged" version
pretending to be the old one)?

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []