-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 5 Apr 2005, Geert Hendrickx wrote:

>Hi, 
>
>I was wondering whether it is possible for a user to protect himself
>against login trojans.  Another user could easily write a shell script
>that displays a login: prompt, followed by a Password: prompt, and then
>leave the console.  The next user would then enter his login-name and
>password into that trojan.  
>
>In XDM you could simply hit Ctrl-Alt-Backspace to reset the X-server.
>In win2k you can hit Ctrl-Alt-Delete, also to reset the login-prompt.  
>
>Is there any way to reset a UNIX getty (or could that be implemented?), 
>so that a user can be sure he's talking to getty and not to some trojan?  

Traditionally, many Unixes have supported a `secure login path' 
extension, which would, upon receiving a `break' character on a terminal 
line, kill the processes using that terminal -- in the case where getty 
was running, this would simply result in getty being respawned, and in 
the case where a trojan was running, this would kill it, also resulting 
in getty being respawned.

I don't know that NetBSD supports this, but if not, it would be worth 
implementing...

- -- 
				Jim Wise
				jwise@draga.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)

iD8DBQFCVABKpRpI6SYACmIRAssfAJ9lNBV5pB2bUp4wa/XvQH+exOSBaQCgiV3V
A//5wVTy2iIVXoMG+1+e5Ys=
=tzVT
-----END PGP SIGNATURE-----