Subject: protection against login trojans?
To: None <>
From: Geert Hendrickx <>
List: tech-security
Date: 04/06/2005 15:29:03

I was wondering whether it is possible for a user to protect himself
against login trojans.  Another user could easily write a shell script
that displays a login: prompt, followed by a Password: prompt, and then
leave the console.  The next user would then enter his login-name and
password into that trojan.  

In XDM you could simply hit Ctrl-Alt-Backspace to reset the X-server.
In win2k you can hit Ctrl-Alt-Delete, also to reset the login-prompt.  

Is there any way to reset a UNIX getty (or could that be implemented?), 
so that a user can be sure he's talking to getty and not to some trojan?  



PS: please CC me.