Bug#305600: [Pkg-shadow-devel] Bug#305600: login is vulnerable to local pishing attacks

Christian Perrier Christian Perrier <bubulle@debian.org>, 305600@bugs.debian.org
Fri, 22 Apr 2005 08:33:35 +0200


> > Please explain to me how, on a non compromised system, users can replace
> > the login program with something else.
> 
> Wasn't that only you in
> <20050421051705.GL7188@mykerinos.kheops.frmug.org> who claims this?  I'm
> speaking of a simple childish script kiddy script that you start as a
> normal local user *without* root access. I thought you have
> misunderstood something because you might have a system in mind with
> users you trust. I'm speaking of systems with users you don't trust.

Well, *that* I have got the point. And, well, I don't trust users on
my system.

But how do you expect that the malicious unprivileged user can fake
*other* users by having them use the fake login program? That is my
point.  The only way I see for doing this is by replacing the real
login program by the faked one.

OK, as a normal user, I can start a fake login program and have it
mimic the behaviour of /bin/login.

But, how could I really have other users run it and believe this is the
normal login program? Sending them an email which says "Please
run that login program you'll find in my home"?

I'm really missing something in your reasoning, here....