Am Samstag, den 10.01.2009, 14:36 -0500 schrieb Gregory Maxwell: > On Fri, Jan 9, 2009 at 10:33 PM, Jerry Amundson <jamundso@xxxxxxxxx> wrote: > > On 1/9/09, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote: > >> A central unspoofable password dialog does make sense for improving > >> security, Fedora isn't there yet… but CLI apps kicking you to some > >> external dialog for passwords is a necessary step to that end. > > > > And that's been proven by whom? > > … > > Perhaps you didn't understand what I was saying. > > It is considered a reasonable goal by many that there ought to be a > way for joe-average-user to be confident that when he is entering a > password it isn't being entered into some spoof/trojan program. > > There are a number of ways to accomplish this, for example: There > could be a secure system level password entry box that requires a > magic keypress to activate, and the keypress can't be intercepted by > anything 'user level'. (The windows NT press ctrl-alt-delete login box > is an example of this). Or, for example, the entry could be > accomplished via a secure hardware device (such as a smartcard or > external keypad) which communicates with a protected system level > service. I'm sure you can imagine a few more possibilities. > > Individual apps (be they CLI or GUI) prompting the user for their > password inline is simply incompatible with that goal. If every little > application has it's own password prompts and password entry > facilities the user can't be confident that the one he's talking to is > the one he wants and isn't just some trojan. > > This isn't to say that the one-password-dialog-to-rule-them-all must > be obnoxious, focus stealing, etc. ... only that a particular security > goal which you may or many not share requires the consistency of > singular password entry point. > Perhpas slightly off-topic - but related - bug: https://bugzilla.redhat.com/show_bug.cgi?id=136341 >From five years ago. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
