Subject: protection against login trojans?
To: None <firstname.lastname@example.org>
From: Geert Hendrickx <email@example.com>
Date: 04/05/2005 18:01:55
I was wondering whether it is possible for a user to protect himself
against login trojans. Another user could easily write a shell script
that displays a login: prompt, followed by a Password: prompt, and then
leave the console. The next user would then enter his login-name and
password into that trojan.
In XDM you could simply hit Ctrl-Alt-Backspace to reset the X-server.
In win2k you can hit Ctrl-Alt-Delete, also to reset the login-prompt.
Is there any way to reset a UNIX getty (or could that be implemented?),
so that a user can be sure he's talking to getty and not to some trojan?
PS: please CC me.