On Fri, Sep 19, 2008 at 12:42 PM, Gustavo J. A. M. Carneiro <[EMAIL PROTECTED]> wrote: > Someone who has gained a user privilege could possibly show a fake > password input dialog that looks exactly like a "real" password prompt, > thereby learning the root password. > > Same thing with VT swiching. It shouldn't be hard to make the it look > like we are switching VT from a simple X11 program running as the user. > > If the local user account has been compromised it seems to me that all > hope is lost. So I don't really see the point of all this Trusted Path > complexity. > > But I'm no security expert; I might be missing something.
I believe the goal is to use some uncatchable keyboard sequence a'la Windows' secure auth (Ctrl+Alt+Del). -- Patryk Zawadzki _______________________________________________ desktop-devel-list mailing list [email protected] http://mail.gnome.org/mailman/listinfo/desktop-devel-list
