On 14/02/2009 Peteris Krisjanis wrote: > You have evidence that such scenario could happen or even is happened? > Or you just speculate? Anything can be faked in this world, specially > on computers.
CTRL+ALT+BACKSPACE can't be faked, I believe. Whatever else you can fake, you have to do it under an existing user account. By leaving a fake gdm login under _my own_ account, which logs out immediately, and returns to the proper gdm, I can steal other users passwords without having to tamper with an open session of one of them. However I give up: it seems to me that nobody is going to admit this is changing something important in the security of multi-user systems, even though this seems very obvious to me, so please excuse me for the intromission, and do whatever you want with that. V. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss