Secure attention Key: Login and GkSudo
staticd
staticd.growthecommons at gmail.com
Sun Oct 30 13:21:54 UTC 2011
The Secure Access key(SAK) is a key combination captured/capturable only by
the OS.
It can be used to initiate authentication interfaces where the user is sure
that the keys are being captured only by the OS.
This feature is present on windows(Ctrl+Alt+Del) to initiate logon.
In Ubuntu, this would be useful for
1)multiuser settings(Schools, workplaces etc) to launch the LDM login
screen.
motivation: malacious users can present convincing login screen spoofs
to capture passwords.
(other key combinations Ctrl+Alt+l, Alt+tab etc can be captured by raw
mode fullscreen programmes, from my experience writing SDL games sometime
back)
this idea was presented here http://brainstorm.ubuntu.com/idea/9537 but
was not implemented
*
Proposal:*When SAK is pressed menu is available for login, user can be
assured that no spoofing can take place.
2)Single, non technical user for providing sudo password:
motivation: some one downloads and runs (unknowingly through an
application vulnerability or through social engineering /a trojan) some
userspace malware. said malware lies low for a while before presenting a
dialog identical to the gksudo dialog saying "Your system needs urgent
updates, Do it now? Authenticate with your password:". malware has stolen
sudo password.
The average user should be able to make sure that the dialogs for granting
root access to a programme are genuine.
*
Proposal:*
when gksu is invoked a message is displayed: "Authorization pending, press
<SAK> and enter your sudo password"
pressing the SAK (switches to a different VT maybe?) brings up a menu to
choose between "login as another user"/ "authorize pending administrative
task"
Choosing to authorize tasks presents users with the traditional gksudo
dialog. elevated tasks are now run on the same X server/VT from where the
call to gksudo came from.
This way users should never have to present their sudo password in their
normal interface.
I think these two steps will help make ubuntu even more secure, and help
prepare it for a large non technical userbase.
What do you think?
If no one can take up the project but thinks its worthwhile pursuing it,
can you give me instructions on how to proceed
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20111030/8a1c5044/attachment.html>
More information about the Ubuntu-devel-discuss
mailing list