[Pkg-shadow-devel] Bug#305600: login is vulnerable to local pishing attacks

Matt Zimmerman Matt Zimmerman <mdz@debian.org>, 305600@bugs.debian.org
Wed, 20 Apr 2005 19:00:14 -0700


On Thu, Apr 21, 2005 at 02:33:35AM +0200, Gerhard Schrenk wrote:

> IMHO the easiast security enhancement for password based local 
> authentication seems to be (anyone better ideas?) keysequences that can
> only be catched by the kernel or apps that are suid root.

Correct, this can't be fixed in login, but only in the kernel.  Also, the
kernel already provides this (via magic sysrq), so it seems that your issue
has been addressed.

-- 
 - mdz