Subject: protection against login trojans?
To: None <tech-security@netbsd.org>
From: Geert Hendrickx <geert.hendrickx@ua.ac.be>
List: tech-security
Date: 04/06/2005 15:29:03
Hi,
I was wondering whether it is possible for a user to protect himself
against login trojans. Another user could easily write a shell script
that displays a login: prompt, followed by a Password: prompt, and then
leave the console. The next user would then enter his login-name and
password into that trojan.
In XDM you could simply hit Ctrl-Alt-Backspace to reset the X-server.
In win2k you can hit Ctrl-Alt-Delete, also to reset the login-prompt.
Is there any way to reset a UNIX getty (or could that be implemented?),
so that a user can be sure he's talking to getty and not to some trojan?
Thanks,
GH
PS: please CC me.
--
:wq