Secure attention Key: Login and GkSudo

staticd staticd.growthecommons at gmail.com
Sun Oct 30 14:11:04 UTC 2011


> Windows NT is designed so that, unless system security is already
> compromised in some other way, only the Winlogon process, a trusted
> system process, can receive notification of this keystroke
> combination. This is because the kernel remembers the process ID of
> the Winlogon process, and allows only that process to receive the
> notification.
>
> So says Wikipedia.
>
> Interestingly, VMWare catches the sequence as well.
>
>
I was thinking of a Alt+Sysrq combination capturable only by the kernel.
(Ctrl+Alt+Sysrq ?)


> While it is true that the SAK will trigger a kernel event, it is also
> true that the major method of bypass isn't going to be anything so
> simple as hacking the log-in dialog or gksudo prompt.  No, that won't
> work.
>
>
Why won't a well created spoof work? An interface that looks like the login
interface / gksu interface but isn't.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20111030/9a385fed/attachment.html>


More information about the Ubuntu-devel-discuss mailing list