LWN.net Logo

DRI3000

Posted Feb 12, 2013 11:17 UTC (Tue) by ibukanov (subscriber, #3942)
In reply to: DRI3000 by alankila
Parent article: LCA: The X-men speak

> If security relies on user identifying windows and acting based on what they look like, I guess security can't be attained. The pixels are always under attacker's control, one way or other. And I know of no way to sensibly secure, say, policykit's authentication prompt. Anybody can fake that, it's just a window

http://qubes-os.org solved that by not allowing full-screen windows and by using different colors to differentiate windows with different levels of trust. As in Qubes all applications run inside VMs that have no access to the real hardware, applications cannot influence window decorations.

Now, that is slow and drains batteries, but I guess with current hardware it is just impossible to virtualize the GPU without performance impact.

> Microsoft chose to train people to look for darkened desktop with a single authorization popup window in middle of it. I've no idea if this is something no other application can fake, or what the point of that is, but it is a tough problem to solve.

It is possible to fake that as long as the OS allows fullscreen windows and does not use hardware buttons to assert administrative tasks. It is sad that MS abandoned that. Ctrl-Alt-Del is ugly and hard to press for a disabled person, but they at least could try to use a different key combination.

And even Google have not fully got that. On Android an app can fake the password-protected lock screen and capture a password, as Android does not require pressing any hardware buttons to unlock it before drawing the virtual keyboard. But at least I can press the home key. If that brings me to the home screen, then I know that was a fake.


DRI3000

Posted Feb 12, 2013 18:15 UTC (Tue) by tshow (subscriber, #6411)

> http://qubes-os.org solved that by not allowing full-screen windows and by using different colors to differentiate windows with different levels of trust.

Could I make a window that was bigger than the screen, such that all the borders were off screen and the client area effectively filled the visible area? If so, I could draw whatever I wanted on it, and the OS would still think I was a standard client window...

DRI3000

Posted Feb 13, 2013 8:01 UTC (Wed) by ibukanov (subscriber, #3942)

> Could I make a window that was bigger than the screen,

Barring bugs in Qubes, that is not possible. All applications run inside VMs and their virtual display is smaller than the actual screen.

DRI3000

Posted Feb 13, 2013 6:44 UTC (Wed) by nhippi (subscriber, #34640)

On my Nexus 7, the actual screen is larger than apps can paint to - some of the screen is reserved for the three soft buttons (back/home/app switcher). They could use this area to show the app logo (at least when there is a password input prompt) to make sure users know what app is asking for a password.

App store would still need to check that nobody is uploading apps with deceptive icons...

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds