Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

[Nicolas Mailhot]

Le mar, 13/07/2004 à 10:06 -0400, Sean Middleditch a écrit :

> This is why Windows has the "Push ctrl-alt-delete to login" window on
> most corporate workstations.  The kernel and _only_ the kernel can catch
> and process ctrl-alt-delete.

Assuming the link from the keyboard to the computer and from the
computer to the screen is safe (which in the brave new wireless world is
less and less true)

A minimalist security feature would probably be for the system to ack
local logins with a passphrase the user entered when his account was
created. It would not protect against interception but at least you'd
know the real system was in the loop somewhere.

The sad fact is you can't really secure a system with as dumb a device
as a low-cost ps/2 keyboard. That's why smart card readers have a
dedicated keyboard/display

Regards,

-- 
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://lists.x.org/archives/xorg/attachments/20040713/9e3db06b/attachment.pgp>