Nicolas Williams wrote:
> On Mon, Mar 10, 2008 at 07:03:48PM -0400, Bill Sommerfeld wrote:
>
>> On Mon, 2008-03-10 at 15:11 -0500, Brian Cameron wrote:
>>
>>> My understanding is that to provide Trusted Path, you need to remove
>>> the possibility for anybody to snoop, modify, affect, etc. the
>>> password that the user enters.
>>>
>> while that part's important, there's another aspect which is more
>> important:
>>
>> you also need a mechanism for the user to be able to tell when & where
>> the trusted path is active that can't be spoofed by any other
>> application.
>>
>
> Yup.
>
> Secure attention keys is one possibility. Another is to steal enough
> pixels from the display to always have a border that is indicative of
> what the current context is
>
> Secure attention keys are what Windows (and probably others) implement.
>
> I think I'd like to have both, or an option for both.
>
The XTSOL extension to Xorg does both. A reserved area of the screen for feedback and a secure attention key to warp the pointer to the reserved area (breaking grabs, too).

--Glenn

> _______________________________________________
> security-discuss mailing list
> security-discuss at opensolaris.org
>