[SecurityRoadmap] Ubuntu should implement the secure attention key
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux (Ubuntu) | Triaged | Wishlist | Unassigned | |
Bug Description
This applies to terminal only machines and terminals within X servers:
Consider a single person using two Linux accounts: A non-root account and root. This typically applies to at least one person per machine.
Now consider the person running malicious software on a terminal with his non-root account. By design, Linux terminals allow full control of the whole terminal screen to software which is running.
So while the malicious software pretends to have finished execution and returned to the shell, it fakes the whole UI of the shell and captures all keyboard input.
As soon as the user does "sudo", it obtains the password for root. System rooted.
Notice that there is even an easier attack vector: Edit .bashrc to contain "alias sudo=malicious stuff"
This issue extends beyond the usage of "sudo": The core of the problem is that on terminal, the whole screen can be painted by non-privileged applications, faking the login screen.
Therefore, it also applies to people using "logout" on terminal-only machines, so "logout" should also be discouraged.
As a solution, I propose we make the following recommendations the standard:
1. People should only "su" to user accounts with LOWER privileges, never to higher privileged ones.
2. Only login screens which were triggered by a so-called "secure attention key" (SAK) should be used. This is a special keyboard combination which is monitored directly by the kernel and causes killing of all processes which intercept the terminal output/input, resulting in the terminal dropping to the REAL login process. On Ubuntu 12.04 server, for me it is Alt+Print+K. For an explanation, see http://
Additionally, "sudo" and "logout" should print out a warning to explain the issue and tell the user to use the SAK.
Thank you for using Ubuntu and reporting a bug. This is actually on the security team's roadmap: https://wiki.ubuntu.com/SecurityTeam/Roadmap.
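The SAK from the bug description (Alt+Print+K, which is SysRq+K) only works if the kernel's `kernel.sysrq` setting allows keyboard-control functions. The following check is an added example, not part of the original report or of Ubuntu's tooling; the function names `sak_status` and `sak_report` are hypothetical, and the sample values in the comments are constructed.

```shell
#!/bin/sh
# Added example: decide whether the kernel will honour the SAK (SysRq+K)
# for a given kernel.sysrq value.
# Kernel semantics: 0 = SysRq disabled, 1 = all functions enabled,
# >1 = bitmask, where bit 0x4 enables keyboard control (SAK, unraw).

# sak_status VALUE -> prints enabled | disabled | invalid
sak_status() {
    val=$1
    case $val in
        ''|*[!0-9]*) echo "invalid"; return 2 ;;   # not a plain decimal number
    esac
    if [ "$val" -eq 1 ] || [ $(( val & 4 )) -ne 0 ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# sak_report [FILE] -> reads the live setting and prints a finding.
# FILE defaults to the procfs entry; a different path can be passed to
# audit a saved copy (hypothetical use).
sak_report() {
    src=${1:-/proc/sys/kernel/sysrq}
    if [ ! -r "$src" ]; then
        echo "kernel.sysrq: cannot read $src"
        return 0
    fi
    val=$(cat "$src")
    state=$(sak_status "$val") || state=invalid
    echo "kernel.sysrq=$val -> SAK $state"
    if [ "$state" = "disabled" ]; then
        # Suggest a value that keeps the existing bits and adds 0x4.
        echo "to enable SAK: sysctl -w kernel.sysrq=$(( val | 4 ))"
    fi
    return 0
}

# Constructed sample values:
#   sak_status 176   (16+32+128: sync, remount, reboot only)
#   sak_status 180   (176 plus the 0x4 keyboard-control bit)
sak_report
```

A value set with `sysctl -w` does not survive a reboot; to keep it, the same `kernel.sysrq` line has to go into a sysctl configuration file.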