The Ubuntu community has contributed 13963 ideas, 66846 comments, 1291785 votes
Idea
#9537: Secure attention key
|
| |
36
|
|
|
Written by Eldmannen the 5 Jun 08 at 18:36.
Category: Security.
Related to:
Nothing/Others.
Status: New
|
|
|
Description
In many environments computers are left unattended (e.g. schools, libraries, etc) and people can launch applications which mimic the look-and-feel of the login application (GDM) in order to get the users username and password.
This is called login spoofing.
Login spoofing can be prevented by using a secure attention key which is a key combination pressed before the user login to launch the password request dialog. This key can only be seen by the kernel, and not sniffed by any application.
Attachments
Duplicates
Comments
|
tebibyte wrote on the 5 Jun 08 at 20:09
| |
I like your idea. Just something to think about is that users want as few steps as possible when logging on to a computer. On the other hand, Windoze users do it all the time. CTRL+ALT+DELETE
|
|
Eldmannen wrote on the 5 Jun 08 at 20:21
|
This would be a configurable option.
By default it can be disabled for home users.
But the administrator of computers in certain environments (e.g. schools, libraries, etc) might want to enable it for increased security.
|
|
master5o1 wrote on the 5 Jun 08 at 22:48
|
Windows' ctrl+alt+del only works because it will call the task manager/lock screen thing. Which is good.
in ubuntu the ctrl+alt+del calls the logout/restart/shutdown dialog that gnome has when you press Quit in System menu.
That should/could work (keeping it standard like in windows).
Although in those environments it is more likely to have a time out where it will lock the computer after a few minutes (usually 2-5?) of idle time.
|
|
Eldmannen wrote on the 5 Jun 08 at 23:37
|
master5o1,
Then if I had a restricted account, I could setup a fake login manager, leave the computer and wait for the administrator to login...
|
|
AndersFeder wrote on the 6 Jun 08 at 00:36
| |
Good idea, Windows have had it for years. Let's not lack behind Windows in this particular department (security).
|
|
Dread Knight wrote on the 6 Jun 08 at 01:40
| |
Ctrl + Alt + Backspace? :P
|
|
Exsecrabilus wrote on the 6 Jun 08 at 02:44
| |
This idea owns my blankets.
|
|
sebsauvage wrote on the 6 Jun 08 at 09:31
|
Right.
CTRL+ATL+BACKSPACE does the job.
No need for a new "attention key".
-1 (not because it's a bad idea, but because it's already implemented)
|
|
avb wrote on the 6 Jun 08 at 15:28
|
Just lock the screen before you leave: CTRL+ALT+L
-1
|
|
holizz wrote on the 6 Jun 08 at 16:45
|
So _that_'s why Windows does that. And all that time I thought it was just being stupid.
As far as I'm aware Ctrl+Alt+Backspace can only be caught by the X server, so that combination could be used. It could probably be integrated into GDM somehow by having the login screen timeout and become unresponsive after a certain time period, and require X to be restarted (preferably via the C-M-Backspace method).
Probably best this feature is off by default, otherwise people on single-user systems will be unduly inconvenienced (and in small-scale settings such as households using a single computer). But this should be very good for large-scale installations.
|
|
jonaskoelker wrote on the 6 Jun 08 at 19:06
|
>> As far as I'm aware Ctrl+Alt+Backspace can only be caught by the X server
Try this:
Section "ServerFlags"
DontZap
EndSection
just fyi
|
|
AndersFeder wrote on the 8 Jun 08 at 07:52
|
"Just lock the screen before you leave: CTRL+ALT+L"
Huh? What's that supposed to help? Read the idea before modding it down, please.
Also, I don't think its a problem restricted to public computers. Malware downloaded to a single user system can also exhibit login spoofing.
And, finally, I thought Ctrl+Alt+Backspace _restarts_ the X server? That's not quite the same as requiring a key sequence to be pressed before login.
|
Post your comment
|
|
|
Bug #237721