Linux login method secure?

Steve Bougerolle steveb at creek-and-cowley.com
Sun Sep 1 19:32:33 PDT 2002


On Mon, 2002-09-02 at 10:18, T.B. van der Molen wrote:

> On Windows NT/2000/whatever you usually first have to press Ctrl+Alt+Del 
> before you can log on. This way you are sure you are giving your login 
> information to Windows because only Windows can recognize the 
> Ctrl+Alt+Del key combination.

> Isn't this a relevant security threat? Can it be prevented?

Yes, it is a real security threat and there have been exploits of it. 
I've got a book on my shelf here somewhere that mentions them.

I don't worry about it much because the desktop machines I set up all
use GDM.  You can accomplish the same trick with that by resetting X.

If you want the same feature in text mode, just modify your inittab so
ctrl-alt-del runs some sort of script to kill extra processes and
restart agetty/login.

-- 
Steve Bougerolle
Creek & Cowley Consulting

http://www.creek-and-cowley.com

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-chat' in the subject header of the message



More information about the lfs-chat mailing list