Implement Secure Attention Key
Feature summary
Right now, it is possible for an app/website/VM to spoof, either intentionally or accidentally, some important security-sensitive system dialogs: the login/unlock screen, and polkit prompts. I came across this when I accidentally typed my host system's password into a VM's polkit prompt. It's not out of the question for a website to fullscreen itself in the browser and then pretend to be a polkit dialog over a maximized browser window.
So, I propose that some of these prompts can first require the user to type in a sequence of keys that only gnome-shell will respond to. That can be Super+Esc, since that is already used to take control of the keyboard away from apps. More traditionally, this would be Ctrl+Alt+Del.
This would behave a lot like the "Secure Attention Key" of Windows (Ctrl+Alt+Del), often seen in corporate environments.
This is probably most useful in corporate environments.
How would you like it to work
- A system-level password entry appears. I.e.:
  - GDM login screen
  - Unlock screen
  - Polkit agent
  - GPG pinentry
  - GIO disk unlock dialog
  - Dialog proposed in #6921
- Instead of presenting a password entry box, the UI prompts the user to press Super+Esc, or Ctrl+Alt+Del
- The user presses the key sequence
- The password entry appears (THIS is where an app/website/VM would diverge: they'd never receive the key sequence!)
- The user types in the password
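
The flow in the list above, modelled as an added example (not part of the original issue and not gnome-shell code): a compositor sees every key event first, consumes the reserved sequence itself, and a system prompt accepts password input only after that sequence. The class names, the `Super+Escape` key string, and the choice to drop keys typed before the sequence are assumptions of this model.

```javascript
// Constructed model of compositor key routing; not gnome-shell code.
const SAK = 'Super+Escape'; // the issue suggests Super+Esc or Ctrl+Alt+Del

class Client { // an app, website or VM window that may draw a fake dialog
  constructor(name) { this.name = name; this.received = []; }
  deliver(key) { this.received.push(key); }
}

class TrustedPrompt { // stands in for login, unlock, polkit, pinentry, ...
  constructor() { this.state = 'await-sak'; this.password = ''; }
  onSak() { if (this.state === 'await-sak') this.state = 'entry'; }
  onKey(key) {
    if (key === 'Enter') this.state = 'submitted';
    else this.password += key;
  }
}

class Compositor {
  constructor(focused) { this.focused = focused; this.prompt = null; }
  showPrompt() { return (this.prompt = new TrustedPrompt()); }
  // Every key event passes through here before any client can see it.
  handleKey(key) {
    if (key === SAK) { // reserved sequence: consumed by the shell, never forwarded
      if (this.prompt) this.prompt.onSak();
      return 'shell';
    }
    const p = this.prompt;
    if (p && p.state === 'await-sak') return 'dropped'; // not buffered for later
    if (p && p.state === 'entry') { p.onKey(key); return 'prompt'; }
    this.focused.deliver(key);
    return 'client';
  }
}

// A client shows a look-alike dialog; no trusted prompt exists.
function spoofScenario() {
  const vm = new Client('vm-with-fake-dialog');
  const comp = new Compositor(vm);
  const routes = [SAK, 'h', 'i'].map((k) => comp.handleKey(k));
  return { routes, seenByClient: vm.received };
}

// The shell shows a real prompt; the user types 'x' too early, then the SAK.
function genuineScenario() {
  const app = new Client('browser');
  const comp = new Compositor(app);
  const prompt = comp.showPrompt();
  const routes = ['x', SAK, 'p', 'w', 'Enter'].map((k) => comp.handleKey(k));
  return { routes, password: prompt.password, state: prompt.state, seenByClient: app.received };
}
```

In the spoof case the client's key log never contains the reserved sequence, so a look-alike dialog has nothing to react to when the user presses it; in the genuine case the focused client receives none of the password keystrokes.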