[Pkg-shadow-devel] Bug#305600: Preventing login pishing

Nicolas François Nicolas François <nicolas.francois@centraliens.net>, 305600@bugs.debian.org
Tue, 10 May 2005 01:58:15 +0200


On Mon, May 09, 2005 at 10:37:14AM +0200, Martin Quinson wrote:
> As any program, login appearance could be faked. If non-trusted users have a
> physical access to the machine, an attacker could use this to obtain the
> password of the next person siting on front of the machine. The better way
> to prevent this is to use the SAK feature of the linux kernel. See for
> example Documentation/SAK.txt in the kernel source tree for more
> information.
> 
> <<<<
> 
> Gerhard, would it be ok for you? Other people, comments?

Looks good.

Some remarks from a non-english native:
I concur with Alexander:
s/siting/sitting/ s/sitting on front/sitting in front/
And also: s/The better/A better/
(The better should be The best, but as I don't know if it is the best, A
better seems reasonable)

Advertising SAK is also a good idea and seems the way other OS use to
allow the initiation of a trusted path (Windows uses Ctrl-Alt-Del, AIX
uses Ctrl-X Ctrl-R).

-- 
Nekral