On Fri, 2008-09-19 at 13:09 +0200, Patryk Zawadzki wrote: > On Fri, Sep 19, 2008 at 12:42 PM, Gustavo J. A. M. Carneiro > <[EMAIL PROTECTED]> wrote: > > Someone who has gained a user privilege could possibly show a fake > > password input dialog that looks exactly like a "real" password prompt, > > thereby learning the root password. > > > > Same thing with VT swiching. It shouldn't be hard to make the it look > > like we are switching VT from a simple X11 program running as the user. > > > > If the local user account has been compromised it seems to me that all > > hope is lost. So I don't really see the point of all this Trusted Path > > complexity. > > > > But I'm no security expert; I might be missing something. > > I believe the goal is to use some uncatchable keyboard sequence a'la > Windows' secure auth (Ctrl+Alt+Del).
This is kind of silly; I have to type a complex keyboard combination in order to input a password? That is annoying. Additionally, switching VTs in Linux is usually slow; more annoyance. Expect some resistance on this "feature". Besides, my user account being compromised is 99% as bad as the root account being compromised, IMHO. -- Gustavo J. A. M. Carneiro <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> "The universe is always one step beyond logic" -- Frank Herbert _______________________________________________ desktop-devel-list mailing list desktop-devel-list@gnome.org http://mail.gnome.org/mailman/listinfo/desktop-devel-list