Xserver needs to run as "root" on Linux / was: Re: [Xorg] Server side widgets

[Sean Middleditch]

On Tue, 2004-07-13 at 10:44, Nicolas Mailhot wrote:
> Le mar, 13/07/2004 à 10:06 -0400, Sean Middleditch a écrit :
> 
> > This is why Windows has the "Push ctrl-alt-delete to login" window on
> > most corporate workstations.  The kernel and _only_ the kernel can catch
> > and process ctrl-alt-delete.
> 
> Assuming the link from the keyboard to the computer and from the
> computer to the screen is safe (which in the brave new wireless world is
> less and less true)

Although this is incredibly rare in the corporate world, and likely to
stay that way.  Securing the hardware is also possible, as you hinted at
below.  Keyboard connections could very well be encrypted, with the
kernel refusing any keyboard input from keyboards with a different
encryption key.  Just because the current crop of hardware is easy to
hack doesn't mean we have to let our software suck at security, too. 
;-)

And, really, securing the software only has a lot of bang for the
effort.  It's very, very easy to just download a fake login manager and
run it, compared to installing a hardware-level hack.  No security is
ever 100%; the best you can do is deter crackers.

> A minimalist security feature would probably be for the system to ack
> local logins with a passphrase the user entered when his account was
> created. It would not protect against interception but at least you'd
> know the real system was in the loop somewhere.

Except those would be so easy to steal and then put in the fake login
manager to be worthless.  Just watch over your co-worker's shoulder as
they login and get the pass-phrase to display.

> 
> The sad fact is you can't really secure a system with as dumb a device
> as a low-cost ps/2 keyboard. That's why smart card readers have a
> dedicated keyboard/display
> 
> Regards,
-- 
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.