* Martin Quinson: > So, I reopen this bug just to leave the discussion open and see what > happens. In my opinion, this is a unfixable bug. Whatever we do in login to > prevent it could be done by an attacker, too. But I may well be wrong. One approach is a "secure attention key": <http://lwn.net/2001/0322/a/SAK.php3>