Gary:

>> In other words, there is not really any way for the user to know that
>> the login screen or lock screen isn't a fake screen designed to look and
>> act like the real screen, which really just does something malicious
>> like forward the user's username or password information to somewhere it
>> shouldn't go.
> 
>       That's unfortunate that there's "not really any way" since many
>       of our competitors (and Sun in the past) have found a way.
>       Perhaps you mean you can't think of a way.

You misread me.  I meant that there is "not really any way" for users
to tell using our existing code.  I wasn't suggesting that the problem
is not solvable in the future.

I do realize that Windows uses Ctrl-Alt-Delete as a "Secure Attention
key" to let the user know that they are in the Trusted Path.

   http://en.wikipedia.org/wiki/Control-Alt-Delete

I'm not aware of any UNIX or Xserver based solutions to this problem.

I suspect it is not possible to provide similar functionality simply
in the login program or in the screen lock program.  I may be wrong,
but I'm guessing there might need to be underlying kernel or Xserver
support to make it impossible to spoof.  I was just asking if people
have an idea of how this should be properly implemented.

Nicolas suggests that this could also be handled by "stealing enough
pixels from the display to always have a border".  It isn't clear to
me what this means, or how a spoofed program couldn't simulate this
behavior.

Brian

