The status of Wayland security

Posted Mar 13, 2014 15:58 UTC (Thu) by tialaramex (subscriber, #21167)
In reply to: The status of Wayland security by SLi
Parent article: The status of Wayland security

Hmm.

Ctrl-Alt-Del is a SAK (Secure Attention Key)

Linux implements a SAK but it is rarely used for anything relevant here

However, the first thing that happens when you press the SAK in Windows is that it summons a separate desktop, and that means it captures all input. So I don't think Windows is behaving so differently as you think in this regard.

The status of Wayland security

Posted Mar 13, 2014 16:29 UTC (Thu) by raven667 (subscriber, #5198) [Link]

I think the hair being split here is that the input security is a property that falls out as a consequence of switching to a private desktop (and that switching being robust) and is not a special property of the password-accepting application window and is not happening "in-band" of the users desktop.

I think this approach to work around key loggers has merit but only so far as the OS commits to it, and the user can identify when they are being phished, any password dialogs which happen in-band of the users desktop reduce the effectiveness of this design, even in Windows the local users password is accepted in dialogs, when changing privileged settings for example, that doesn't require a SAK to initiate the dialog.