[Pkg-shadow-devel] Bug#305600: Preventing login pishing
Martin Quinson
Martin Quinson <martin.quinson@loria.fr>, 305600@bugs.debian.org
Tue, 10 May 2005 19:57:02 +0200
--zYM0uCDKw75PZbzx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, May 10, 2005 at 05:39:25PM +0200, Gerhard Schrenk wrote:
> * Martin Quinson <martin.quinson@loria.fr> [2005-05-09 10:53]:
> =20
> > Gerhard, would it be ok for you? Other people, comments?
> > Mt.
>=20
> I (submitter of this bug) am ok with a short reference to a more general
> document about security.=20
>=20
> I wasn't aware that this "bug" is still open. It seems to be unfixable.
> Mmh if you use SAK and you have secured your physical accessible
> machine (bios password, bootloader password, security locked your Ata
> drive, encrypted filesystem, ...) the next easy attack for password
> based authentication I can think of is just to replace the keyboard with
> a "fake" one... ;-)=20
You're kidding, right? If physical access doomes the security, why do you
put a root password on those boxes?
> Maybe(?) the right thing is tag this bug wontfix and leave it open for
> documentation purposes? Unfortunately I posted this silly script so
> I'd rather voted for closing this bug report.
Documentation belongs to the man page, not to the BTS.
Mmm. It looks like I'm gonna fix this bug despite the main debian packager
and even despite the bug reporter...
Tomasz, are you with me ? ;)
Good night, people.
Mt.
--zYM0uCDKw75PZbzx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCgPXuIiC/MeFF8zQRArJVAJ0QT0S4FVFTTF7j4swtOkqfHB7ZEgCgkY/O
vDa55jqRe+6Uo82T9lVj4EM=
=yaG2
-----END PGP SIGNATURE-----
--zYM0uCDKw75PZbzx--