Announcing Fedora 11 Alpha (blink)

Adam Jackson ajax at redhat.com
Mon Feb 9 17:11:36 UTC 2009


On Mon, 2009-02-09 at 10:37 -0500, Chuck Anderson wrote:
> On Mon, Feb 09, 2009 at 10:34:16AM -0500, Adam Jackson wrote:
> > If someone can come up with a scenario where you really need zap, and
> > not just vt switch and/or logout dialog, I'm eager to hear it.  If you
> > can come up with one that isn't "some broken application took a server
> > grab and won't give it back", I'll even be interested.
> 
> It serves as a Secure Attention Key--a way to assure that you are 
> getting the "real" login screen and not a trojan that is trying to 
> capture your login password.

Except for all the ways it doesn't, of course.  If someone has managed
to get access to your X server, odds are good they can a) do it again,
b) replace bits of the user's X init sequence.

DGA even lets you steal the c-a-bs away from the server's command
processing, which is _way_ awesome.  Now you can even fake the server
reset sequence!

- ajax