retitle 305600 [MARTIN] [DOC] Preventing login pishing
tag 305600 patch
thanks

Ok, let's summarize a bit (Alex, you'll see with time how much I love to summarize stuff ;)

login is only a regular program, and as the submitter noted, it can be quite easily faked. Unfortunately, there is very little we could do in the package itself. We could use the root access we have and the attacker doesn't have, but the preferred solution is to use the SAK Linux kernel feature (too bad for non-Linux users of Debian ;).

So, in my mind, this is only a documentation issue. I propose to add the following to login(1), in the "CAVEATS" section.

>>>>
As with any program, login's appearance could be faked. If non-trusted users have physical access to the machine, an attacker could use this to obtain the password of the next person sitting in front of the machine. The better way to prevent this is to use the SAK feature of the Linux kernel. See for example Documentation/SAK.txt in the kernel source tree for more information.
<<<<

Gerhard, would it be ok for you? Other people, comments?

Mt.
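An added example, not part of the original message or of the login package: a small shell check for the two keyboard SAK triggers that the kernel's SAK documentation describes (Alt-SysRq-K, and a keymap binding loaded with loadkeys). The function names and the sample keymap are constructed for illustration; the keymap parser assumes one binding per line in the form `control alt keycode 101 = SAK`.

```shell
#!/bin/sh
# Added example: audit whether a keyboard SAK trigger is available.

# Decide whether a kernel.sysrq value permits Alt-SysRq-K (SAK).
# 0 = SysRq off, 1 = every function on, anything else is a bitmask in
# which bit 0x4 ("control of keyboard") covers SAK.
# Prints enabled, disabled or invalid; always returns 0.
sak_sysrq_state() {
    case "$1" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ "$1" -eq 1 ] || { [ "$1" -gt 1 ] && [ $(( $1 & 4 )) -ne 0 ]; }; then
        echo enabled
    else
        echo disabled
    fi
}

# Read keymap text on stdin (assumed format: one binding per line) and
# print every key combination bound to the SAK keysym.
sak_keymap_bindings() {
    sed -n 's/^[[:space:]]*\(.*keycode[[:space:]]*[0-9][0-9]*\)[[:space:]]*=[[:space:]]*SAK[[:space:]]*$/\1/p'
}

# Constructed sample keymap excerpt (not captured from a real system).
SAMPLE_KEYMAP='keycode  30 = a
control alt keycode 101 = SAK
keycode  57 = space'

# Report on the running system when the sysctl is readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    v=$(cat /proc/sys/kernel/sysrq)
    echo "kernel.sysrq=$v -> Alt-SysRq-K SAK $(sak_sysrq_state "$v")"
fi

echo "SAK bindings in the sample keymap:"
printf '%s\n' "$SAMPLE_KEYMAP" | sak_keymap_bindings
```

On a real console, the output of `dumpkeys` can be piped into `sak_keymap_bindings` in place of the sample.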

