"Ctrl-Alt-Del to login" important for security?

Duncan Anderson duncangareth at yahoo.co.uk
Wed Mar 1 12:44:01 GMT 2006

On Wednesday, 1 March 2006 13:46, John McCabe-Dansted wrote:
> It seems to me that under the current login system, it would be easy
> for a malicious user to run a "fake login screen" and steal the
> password of the next user who tries to login.
> If so this could be solved by having some key combination guarantied
> to open the true login window. E.g. perhaps we could encourage users
> to always do a "Cntl-Alt-Backspace" before logging in (i.e. kill
> current X session) or  maybe "Cntl-Alt-F7" if we reserve display:0 for
> kdm/gdm.
> --
> John C. McCabe-Dansted
> Master's Student

For a malicious user to do what you suggest, they would have to have write 
permission to the display. This raises an interesting point. Which user has 
rights to the display before the login occurs? 

Once a user has logged in, the xhost command can be used to limit access, but 
what about before?


To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com

More information about the sounder mailing list