No way to prove GDM authenticity/Spoofing Protection [trusted path, secure attention key]
Submitted by Jason H.
Link to original bug (#168809)
Description
In a large public environment, it would be trivial and desirable to spoof the GDM login screen with a modified user binary, or a complex script and access to the current GDM theme (usually publicly accessible anyway), in order to obtain user logins and passwords.
For example:
- Start trojan GDM as yourself.
- Users attempt to log in.
- Trojan GDM dumps usernames and passes to a text file.
- Trojan GDM owner presses custom key combo or username/pass to quit GDM.
In a large company or university, at a public terminal, or other such environment, this could be a bit hazardous.
While yes, one solution is to always press ctrl+alt+bkspc, this can be faked if "no special keys" (if that's the proper option) in X is enabled, by a short resolution change.
Now, I'll get grape shot with a cannon for this part, but mind, it's merely an example.
Windows 2000 prevents this by requiring Ctrl+Alt+Del at login, and having the key combination explicitly bound by the system (thus preventing a user application from faking the login screen). Pressing it while logged in takes you to a sort of user dialog box labeled "Windows Security".
It may be a good idea to implement something like this, a key combo bound explicitly by GDM (if possible).