"Ctrl-Alt-Del to login" important for security?

[Eduard Giménez]

Hi, 

El dc 01 de 03 del 2006 a les 16:06 +0200, en/na Duncan Anderson va
escriure:

> In case of that sort of "social engineering", John's initial suggestion of 
> doing a Ctl-Alt-Backspace makes sense. I was thinking of a scenario in which 
> it may be assumed that the machine is physically secure, so that the login 
> spoofing would need to be performed over the network.

But with the current system how will you force an user to do some kind
of key-combination? 

I mean, by default we can force the user doing it but it won't stop a
malicious user to launch a full screen gdm-like program. Probably the
victim user will not press the key combination if he's not prompted to
do it, and the malicious user is not going to prompt for it. So we are
at the same point. 

Anyway, any computer which is physically accessible is vulnerable (you
always can stole the HD and work at home ;)).

cheers, 

-- 
edu