l4-hurd
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: User sessions, system request


From: Bas Wijnen
Subject: Re: User sessions, system request
Date: Thu, 31 Jan 2008 12:42:31 +0100
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

On Thu, Jan 31, 2008 at 06:14:35AM -0500, Jonathan S. Shapiro wrote:
> On Wed, 2008-01-30 at 22:46 +0100, Bas Wijnen wrote:
> > As you seem to agree, Alt+SysRq may be designed for the purpose, but it
> > is badly designed and should not be used for it.
> 
> No, I do not agree with this. Yes, I agree it would be better if SysRq
> did not require ALT. No, I do not agree that the current design is a
> serious problem.

Ok.  I don't mind, and if people who use my kernel care, they can always
hack the keyboard driver to use the PrintScreen/SysRq key instead of
Pause/Break.  However, the Pause/Break key can still not be used in a
normal way.  It generates a make event, but no break event.

I therefore prefer to use this key instead to get system attention, and
with some creative terminology it will even have the right name (pause
current program/break out of login session).

But this is an implementation detail, which doesn't have any design
consequences.

> > > This is the right goal. The problem is to ensure that a "normal" program
> > > cannot simulate a password box well enough to fool the user into
> > > entering a password into an unauthorized program.
> > 
> > The user needs to be educated for this: when entering a password,
> > _always_ press break first.
> 
> Actually, that isn't necessary. There are ways to design a window
> manager to provide visual feedback confirming that a trusted window has
> focus.

Only by adding other limitations.  For example, by refusing fullscreen
applications.  If the window manager guarantees that every window has a
border and that the active window's border is always on screen, then
visual feedback is possible.  If the active window doesn't have a border
(because it is fullscreen), it can fake whatever the window manager is
doing in a convincing way.

Anyway, here also no solution is needed, since the "press break first"
method is very acceptable IMO.  Users of the system must get used to
pressing break to talk to trustable parts anyway.

Thanks,
Bas

-- 
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]