Subject: Re: protection against login trojans?
To: None <ghen@telenet.be>
From: Jim Wise <jwise@draga.com>
List: tech-userlevel
Date: 04/06/2005 11:29:10
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 5 Apr 2005, Geert Hendrickx wrote:
>Hi,
>
>I was wondering whether it is possible for a user to protect himself
>against login trojans. Another user could easily write a shell script
>that displays a login: prompt, followed by a Password: prompt, and then
>leave the console. The next user would then enter his login-name and
>password into that trojan.
>
>In XDM you could simply hit Ctrl-Alt-Backspace to reset the X-server.
>In win2k you can hit Ctrl-Alt-Delete, also to reset the login-prompt.
>
>Is there any way to reset a UNIX getty (or could that be implemented?),
>so that a user can be sure he's talking to getty and not to some trojan?
Traditionally, many Unixes have supported a `secure login path'
extension, which would, upon receiving a `break' character on a terminal
line, kill the processes using that terminal -- in the case where getty
was running, this would simply result in getty being respawned, and in
the case where a trojan was running, this would kill it, also resulting
in getty being respawned.
I don't know that NetBSD supports this, but if not, it would be worth
implementing...
- --
Jim Wise
jwise@draga.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFCVABKpRpI6SYACmIRAssfAJ9lNBV5pB2bUp4wa/XvQH+exOSBaQCgiV3V
A//5wVTy2iIVXoMG+1+e5Ys=
=tzVT
-----END PGP SIGNATURE-----