Re: User sessions, system request

[Neal H. Walfield]

At Thu, 31 Jan 2008 06:14:35 -0500,
Jonathan S. Shapiro wrote:
> 
> On Wed, 2008-01-30 at 22:46 +0100, Bas Wijnen wrote:
> > As you seem to agree, Alt+SysRq may be designed for the purpose, but it
> > is badly designed and should not be used for it.
> 
> No, I do not agree with this. Yes, I agree it would be better if SysRq
> did not require ALT. No, I do not agree that the current design is a
> serious problem.
> 
> > > This is the right goal. The problem is to ensure that a "normal" program
> > > cannot simulate a password box well enough to fool the user into
> > > entering a password into an unauthorized program.
> > 
> > The user needs to be educated for this: when entering a password,
> > _always_ press break first.
> 
> Actually, that isn't necessary. There are ways to design a window
> manager to provide visual feedback confirming that a trusted window has
> focus.

To fill in this dangling reference, here are two papers that present
some work in this direction:

  A Nitpicker's guide to a minimal-complexity secure GUI by N. Feske,
  C. Helmuth, in proceedings of the 21st Annual Computer Security
  Applications Conference (ACSAC 2005), Tucson, Arizona, USA, December
  2005.

  http://os.inf.tu-dresden.de/papers_ps/feske-nitpicker.pdf


  Design of the EROS Trusted Window System by Jonathan S. Shapiro,
  John Vanderburgh, Eric Northup, and David Chizmadia, in proceedings
  of the 2004 USENIX Security Conference, 2004.

  http://www.eros-os.org/papers/usenix-sec2004.ps

Neal