Fake login screens

Peteris Krisjanis pecisk at gmail.com
Sat Feb 14 19:26:24 UTC 2009

2009/2/14 Vincenzo Ciancia <ciancia at di.unipi.it>:
> On 14/02/2009 Felipe Figueiredo wrote:
>> As others said, more than once in this thread, the change is
>> reversible.
>> There will be a package to install so you don't have to edit your
>> xorg.conf.
> I will keep myself informed but I expected that ubuntu-devel-discuss was
> also a place to discuss the ubuntu development, involving high-impact
> changes. My mistake, so I will keep myself informed.
> However, it seems to me that nobody is getting the point about fake
> login screens: if I am a *user* of somebody else's network, how can I
> protect myself from another *user* faking a login screen, used as the
> only running X application, and stealing my password?

Do you have evidence that such a scenario could happen or even has happened?
Or are you just speculating? Anything can be faked in this world, especially
on computers.

> Under some windows versions, I can use ctrl+alt+delete. I bet the mac
> has something similar,

Nope, it doesn't (as far as I know, and I have worked with OS X as a
sysadmin for five years). And Windows Ctrl+Alt+Delete has an absolutely
different meaning than an anti-faking measure.

> and Xorg traditionally had ctrl+alt+backspace
> (even though it also kills the session as a nice side effect). Now, you
> have to consider that even an experienced system administrator may not
> notice the change when he installs the next Ubuntu on the client
> machines of a computing lab, or even worse when upgrading to it. Fancy
> an inexperienced system administrator, as there are many.

Well, an inexperienced system administrator would allow the box to contain
a trojan to get your password anyway. Believe me, faking login screens
is not the way someone would steal your password, unless there is no
other way.

> I will surely write my own fake gdm as an exercise just in case I become
> a user of such an admin :) Because of statistics, you know, if I carry
> a bomb there can't be another bomb on my plane.

Strawman argument.

> If the solution is "currently, ubuntu jaunty is vulnerable to this
> problem", let's just admit it and make it public in the release notes at
> least. So that people will know and avoid leaving the default
> configuration on clients.

No, Jaunty simply won't have the C-A-B feature enabled by default. Simple
as that. Release notes don't contain such speculation as "OMG, the visual
interface has changed, someone could use it to steal information from

> Personally I would love that the power button returned to gdm, and that
> gdm created a new X session (like for the "guest login" use case) for
> every login, without disappearing, and occupying a fixed tty (the one
> the power button would return to). In that case, gdm could also offer a
> pre-loaded and not-swappable emergency shell that the administrator may
> access. However, this *really* needs a blueprint, so for now is there any
> other solution?

Yes, this *really* needs a blueprint, for one reason: it is how
world-shattering changes are introduced into Ubuntu. Disabling C-A-B
by default was a blueprint for two years. This is how decision making

Don't get me wrong - I know that changing features is a painful process
for some of us, but as far as I have experienced with Ubuntu, it
always pays back in the long term. The introduction of compiz broke a lot of
setups, but Hardy was released with nice desktop effects tested for some
time. NetworkManager 0.7 was introduced as the main network configuration
tool. Sure, I was annoyed, even angry. But I took time to test it and
understand it, and now I admit that it is the future.

There is already a blueprint for dealing with C-A-B without disabling
it, and I hope it will find its way into Jaunty+1. And that is how the system
should work.


More information about the Ubuntu-devel-discuss mailing list