On Monday 09 February 2009 15:48:32 Fulko Hew wrote: > On Mon, Feb 9, 2009 at 10:37 AM, Chuck Anderson <cra@xxxxxxx> wrote: > > On Mon, Feb 09, 2009 at 10:34:16AM -0500, Adam Jackson wrote: > > > If someone can come up with a scenario where you really need zap, and > > > not just vt switch and/or logout dialog, I'm eager to hear it. If you > > > can come up with one that isn't "some broken application took a server > > > grab and won't give it back", I'll even be interested. > > > > It serves as a Secure Attention Key--a way to assure that you are > > getting the "real" login screen and not a trojan that is trying to > > capture your login password. > > Following that thread of logic... > > How would I know that the 'secure attention key' hadn't also been > trojan'ed? Because if it's handled directly in the X server, and not the DE, it can only be trojanned by replacing the X server itself, and at which point all bets are off anyway. As long as the server itself isn't replaced, you know the key sequence is useful. The problem now is that someone can grab that key combo and fake a login screen :o) A more effective way might be the Alt-SysRq-K sequence, if Alt-SysRq is enabled (but that was disabled by default for some time now). -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list
