On Fri, 2008-03-07 at 11:13 +0000, Darren J Moffat wrote:
> IMO having the screen lock be an application rather than a fundamental
> part of the X security policy and implemented in the X server (even as a
> plugin) is part of where the problem lies.

Agreed.

> Alan pointed out some of
> the real issues with implementing it that way when he and I discussed
> this last so it might be a non starter.

I don't believe you can have a meaningful "trusted path" through the X server without at the very least some way of locking out non-trusted-path applications while the trusted path is activated. And you need some mechanism for the user to activate the trusted path which cannot be intercepted outside the trusted path.

See also:
http://en.wikipedia.org/wiki/Trusted_path
http://en.wikipedia.org/wiki/Secure_attention_key

When this feature is activated it likely makes most sense for the initial login window to prompt "press <secure attention key> to log in" just so users are used to hitting it in order to blow other things out of the way.

- Bill