
Secure attention key

Reported by Fred on 2008-06-05
This bug affects 1 person
Affects / Status / Importance / Assigned to / Milestone
KDE Base: Confirmed, Wishlist
Light Display Manager: Wishlist, Unassigned
gdm: New, Wishlist
gdm (Ubuntu): Wishlist, Unassigned
kdebase-workspace (Ubuntu): Wishlist, Unassigned
lightdm (Ubuntu): Wishlist, Unassigned
ubuntu-meta (Ubuntu): Undecided, Unassigned
xdm (Ubuntu): Undecided, Unassigned

Bug Description

Binary package hint: gdm

In many environments computers are left unattended (e.g. schools, libraries, etc.) and people can launch applications which mimic the look-and-feel of the login application (GDM) in order to get the user's username and password.

This is called login spoofing.
* http://en.wikipedia.org/wiki/Login_spoofing

Login spoofing can be prevented by using a secure attention key, which is a key combination pressed before the user logs in to launch the password request dialog. This key can only be seen by the kernel, and cannot be sniffed by any application.
* http://en.wikipedia.org/wiki/Secure_attention_key

PaneQ (robert-pankowecki) wrote :

Sounds reasonable :-)

Sebastien Bacher (seb128) wrote :

not really the scope of a bug report, rather a specification, and I think there are already similar bugs open on launchpad

Fred (eldmannen+launchpad) wrote :

Sebastien Bacher,
I know that it is not a bug, but I had hoped that it would get flagged "Wishlist".

Sebastien Bacher (seb128) wrote :

it can be tagged wishlist, but it's not likely to ever be worked on from the bug tracker and will just make the list of bugs harder to work on; it would be a good blueprint topic though

Fred (eldmannen+launchpad) wrote :

I don't know how to make a blueprint. :(
Hopefully, someone else can make it...

Harald Sitter (apachelogger) wrote :

I agree with Sebastien.

The blueprints process is described at: https://wiki.ubuntu.com/FeatureSpecifications

Bryce Harrington (bryce) wrote :

Agreed a blueprint is probably more appropriate. Also, if it were done, gdm and kdm would be sufficient; no need for xdm as well probably.

Changed in xdm:
status: New → Won't Fix
Changed in gdm:
assignee: nobody → desktop-bugs
importance: Undecided → Wishlist
Changed in kdebase:
importance: Undecided → Wishlist
Changed in kdebase:
importance: Undecided → Unknown
status: New → Unknown
status: New → Triaged
Changed in kdebase:
status: Unknown → Confirmed

In my humble opinion, neither gdm nor kdm (or xdm) alone can provide this feature, as some lower-level support is necessary to implement a true SAK (linked to some hardware interrupt).
By the way, in some sense, this secure attention key already exists: it is CTRL-ALT-BACKSPACE, which will kill and restart the X server, and hence induce a session close and gdm/kdm/xdm restart. It is also certainly possible to remap CTRL-ALT-DEL to trigger a similar behavior. I'd suggest inquiring into these obscure system settings before submitting a wishlist.
Anyway, the most difficult task is certainly to teach users to hit CTRL-ALT-BACKSPACE (even security-conscious ones) *before* typing their login/password... ;-)
Maybe we should simply add a new message to the login manager - if the marketing department agrees...

Fred (eldmannen+launchpad) wrote :

In Windows this is solved by saying "Press Ctrl-Alt-Delete to login".
http://toastytech.com/guis/srv2k3login1.jpg
http://www.csuci.edu/it/tutorials/images_lablogon/01.gif

John McCabe-Dansted (gmatht) wrote :

Would Alt-SysReq-K suffice?

Fred (eldmannen+launchpad) wrote :

John McCabe-Dansted,
Alt-SysReq-K restarted my X.
It kind of worked, but in Windows it is more flexible because you can resume sessions, and switch sessions I think, without killing all the sessions.
Also, it would be preferable if it used the same key combination as Windows, since everyone knows that. Ctrl+Alt+Del is much easier to remember than Alt-SysReq-K.
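Whether Alt-SysRq-K does anything at all depends on the kernel's SysRq mask, which is why it restarted X on one machine in this thread but may be a no-op on another. The script below is an added example, not part of the bug report or of any of the login managers named here: it decodes /proc/sys/kernel/sysrq using the bit meanings documented in the kernel's admin-guide/sysrq.rst and reports whether the SAK function (bit value 4) is allowed. The constant masks used in the comments and test (176, 180) are illustrative values; Ubuntu ships a restricted default mask in /etc/sysctl.d/10-magic-sysrq.conf, and on releases where that default is 176 the SAK bit is not included.

```shell
#!/bin/sh
# Added example (not from the bug report): decode the kernel's
# /proc/sys/kernel/sysrq bitmask to see whether the SAK ("Alt-SysRq-K")
# discussed in this thread is actually enabled on this machine.
#
# Bit meanings from Documentation/admin-guide/sysrq.rst:
#   0   - disable SysRq completely
#   1   - enable all SysRq functions
#   >1  - bitmask: 2 log level, 4 keyboard (SAK, unraw), 8 debug dumps,
#         16 sync, 32 remount read-only, 64 signal processes,
#         128 reboot/poweroff, 256 nice all RT tasks

# sysrq_allows MASK BIT -> exit status 0 if the function selected by BIT
# is permitted under MASK (a mask of 1 permits everything).
sysrq_allows() {
    mask=$1
    bit=$2
    [ "$mask" -eq 1 ] && return 0
    [ $(( mask & bit )) -ne 0 ]
}

# sak_status MASK -> prints "enabled" or "disabled" for the SAK function.
sak_status() {
    if sysrq_allows "$1" 4; then
        echo enabled
    else
        echo disabled
    fi
}

# When run as a script, report the live value (readable without privilege).
if [ -r /proc/sys/kernel/sysrq ]; then
    current=$(cat /proc/sys/kernel/sysrq)
    echo "kernel.sysrq = $current; SAK is $(sak_status "$current")"
    # To allow SAK without opening up the whole SysRq set, OR bit 4 into
    # the existing mask; persist the value in /etc/sysctl.d/ to keep it
    # across reboots (assumed administrative step, not run here):
    #   sudo sysctl -w kernel.sysrq=$(( current | 4 ))
fi
```

Note that enabling bit 4 also enables the "unraw" function (Alt-SysRq-R) that shares the keyboard group, so the mask cannot grant SAK alone; decide whether that is acceptable on a multi-user terminal before changing it.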

CTRL-ALT-DEL also means "shutdown" on many Linux distributions when hit on the (text-based) console, so using this shortcut does not seem adequate to me due to the caveat of *not* using it when logging in on such terminals. (And I find this useful too, to allow operators with physical access clearance to shut down a server while not having logical access to the computer, e.g. in emergency situations.)

Anyway, for me, the primary issue/wishlist is not choosing the "right"(tm) combination of keys but rather *displaying* it at the login prompt in a more or less unified way. Wouldn't it be an improvement to display a standard help message on most graphical login managers to clarify this unknown functionality of our login process: SAK-like behavior?
At least, it may be nice from the security marketing point of view. (IMHO, we already do it, so let's just inform users about it...)

BTW, a well-designed trojan horse may try to mislead users about the key combination too... ;-)

Colin Watson (cjwatson) wrote :

Not an issue for ubuntu-meta (which is purely about the metapackages which control which packages are installed by default). The other tasks on this bug remain open - this is just housekeeping.

Changed in ubuntu-meta (Ubuntu):
status: New → Invalid

John McCabe-Dansted (gmatht) wrote :

On public terminals, we could time out the login after say 60 seconds and replace it with a window saying something like

"Press Alt-SysReq-K to login.

Always press Alt-SysReq-K before logging in to this computer.
This will keep your password safe from fake login windows."

Fred (eldmannen+launchpad) wrote :

John,
I think that sounds like a good idea.
I am not sure most people know where the SysReq key is though. :p

Jonathan Thomas (echidnaman) wrote :

Hello,

Thanks for reporting this feature request! Unfortunately, at this time Kubuntu does not have the developer manpower needed to implement and maintain many features at the Kubuntu level. But don't worry! This issue is being tracked by the KDE developers at: http://bugs.kde.org/show_bug.cgi?id=172474
Once implemented in KDE, it will be included in Kubuntu once the KDE version the feature is implemented in reaches Kubuntu.

Thanks!

Changed in kdebase-workspace (Ubuntu):
status: Triaged → Won't Fix
tags: added: login security
security vulnerability: no → yes
security vulnerability: yes → no
Changed in kdebase:
importance: Unknown → Wishlist
Thomas Hotz (thotz) on 2013-05-01
Changed in gdm (Ubuntu):
assignee: Ubuntu Desktop Bugs (desktop-bugs) → nobody
Changed in gdm:
importance: Unknown → Wishlist
status: Unknown → New
Thomas Hotz (thotz) on 2013-10-10
Changed in gdm (Ubuntu):
status: New → Confirmed
Changed in lightdm:
status: New → Triaged
importance: Undecided → Wishlist
Changed in lightdm (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist