Linux login method secure?
steveb at creek-and-cowley.com
Sun Sep 1 19:32:33 PDT 2002
On Mon, 2002-09-02 at 10:18, T.B. van der Molen wrote:
> On Windows NT/2000/whatever you usually first have to press Ctrl+Alt+Del
> before you can log on. This way you are sure you are giving your login
> information to Windows because only Windows can recognize the
> Ctrl+Alt+Del key combination.
> Isn't this a relevant security threat? Can it be prevented?
Yes, it is a real security threat and there have been exploits of it.
I've got a book on my shelf here somewhere that mentions them.
I don't worry about it much because the desktop machines I set up all
use GDM. You can accomplish the same trick with that by resetting X.
If you want the same feature in text mode, just modify your inittab so
ctrl-alt-del runs some sort of script to kill extra processes and
Creek & Cowley Consulting
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-chat' in the subject header of the message
More information about the lfs-chat