Linux login method secure?
T.B. van der Molen
tbm at home.nl
Sun Sep 1 19:18:51 PDT 2002
I was wondering the following.
On Windows NT/2000/whatever you usually first have to press Ctrl+Alt+Del
before you can log on. This way you are sure you are giving your login
information to Windows because only Windows can recognize the
Ctrl+Alt+Del key combination.
This does not exist in the Linux login method. So, someone could easily
write a program or script that visually imitates the behaviour of the
login program on a system, capture the user's login information and
could then exit and log out so the user sees the real login program.
Isn't this a relevant security threat? Can it be prevented?
"Period Three Implies Chaos"
- T.Y. Li & J.A. Yorke (1975)
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-chat' in the subject header of the message
More information about the lfs-chat