
List:       kde-usability
Subject:    Re: Screensaver login security?
From:       Philip Hofstetter <pilif () sen ! ch>
Date:       2003-10-08 17:58:10

Hello,

Troels Tolstrup wrote:

> Do you perchance know how Solaris and AIX do it then? Or are they simply 
> being vulnerable to trojans? (I don't know if it is actually CDE that is 
> handling it or the OS's, the prompts look different on AIX and Solaris, 
> but that could of course be simple customizations done by SUN and IBM)

Unfortunately, I don't know CDE very well - actually the last time I 
saw it running was about five years ago and I don't think I saw a 
screensaver running then.

A possible solution would be to educate the administrator to enter a 
wrong password a random amount of times. As the trojan screensaver most 
likely does not run as root and thus does not have access to 
/etc/shadow, it is unable to check if the supplied password is correct.

So a trojan could do nothing but exit on *every* password entered, 
counting on the fact that the administrator entered it correctly.

That would alert the administrator that something is fishy (although he 
could have hit the current user's password by accident).

Anyway: This isn't really secure but just a possible workaround.

Sorry for not being more helpful...

Philip

_______________________________________________
kde-usability mailing list
kde-usability@mail.kde.org
http://mail.kde.org/mailman/listinfo/kde-usability