At Thu, 31 Jan 2008 06:14:35 -0500, Jonathan S. Shapiro wrote: > > On Wed, 2008-01-30 at 22:46 +0100, Bas Wijnen wrote: > > As you seem to agree, Alt+SysRq may be designed for the purpose, but it > > is badly designed and should not be used for it. > > No, I do not agree with this. Yes, I agree it would be better if SysRq > did not require ALT. No, I do not agree that the current design is a > serious problem. > > > > This is the right goal. The problem is to ensure that a "normal" program > > > cannot simulate a password box well enough to fool the user into > > > entering a password into an unauthorized program. > > > > The user needs to be educated for this: when entering a password, > > _always_ press break first. > > Actually, that isn't necessary. There are ways to design a window > manager to provide visual feedback confirming that a trusted window has > focus.
To fill in this dangling reference, here are two papers that present some work in this direction: A Nitpicker's guide to a minimal-complexity secure GUI by N. Feske, C. Helmuth, in proceedings of the 21st Annual Computer Security Applications Conference (ACSAC 2005), Tucson, Arizona, USA, December 2005. http://os.inf.tu-dresden.de/papers_ps/feske-nitpicker.pdf Design of the EROS Trusted Window System by Jonathan S. Shapiro, John Vanderburgh, Eric Northup, and David Chizmadia, in proceedings of the 2004 USENIX Security Conference, 2004. http://www.eros-os.org/papers/usenix-sec2004.ps Neal
