Secure attention key

Sounds reasonable :-)

not really the scope of a bug report, rather a specification, and I think there is already similar bugs open on launchpad

Sebastien Bacher,
I know that it is not a bug, but I had hoped that it would get flagged "Wishlist".

it can be tagged wishlist but it's not likely to ever be worked from the bug tracker and will just make the list of bugs harder to work on, would be a good blueprint topic though

I don't know how to make a blueprint. :(
Hopefully, someone else can make it...

I agree with Sebastien.

The blueprints process is described at: https://wiki.ubuntu.com/FeatureSpecifications

Agreed a blueprint is probably more appropriate. Also, if it were done, gdm and kdm would be sufficient; no need for xdm as well probably.

In my humble opinion, neither gdm nor kdm (or xdm) alone can provide this feature as some lower level support is necessary to implement a true SAK (linked to some hardware interrupt).
By the way, in some sense, this secure attention key already exists: it is CTRL-ALT-BACKSPACE, which will kill and restart the X server, and hence induce a session close and gdm/kdm/xdm restart. It is also certainly possible to remap CTRL-ALT-DEL to trigger a similar behavior. I'd suggest inquiring into these obscure system settings before submitting a wishlist.
Anyway, the most difficult task is certainly to teach users to hit CTRL-ALT-BACKSPACE (even security conscious ones) *before* typing their login/password... ;-)
Maybe we should simply add a new message to the login manager - if the marketing departement agrees...

In Windows this is solved it saying "Press Ctrl-Alt-Delete to login".
http://toastytech.com/guis/srv2k3login1.jpg
http://www.csuci.edu/it/tutorials/images_lablogon/01.gif

Would Alt-SysReq-K suffice?

John McCabe-Dansted,
Alt-SysReq-K restarted my X.
It kind of worked, but in Windows it is more flexible because you can resume sessions, and switch sessions I think, without killing all the sessions.
Also, it would be preferable if it used the same key combination as Windows, since everyone knows that. Ctrl+Alt+Del is much easier to remember than Alt-SysReq-K.

CTRL-ALT-DEL also means "shutdown" on many Linux distributions when hit on the (text-based) console, so using this shortcut does not seem adequate to me due to the caveat of *not* using it when login in on such terminals. (And I find this useful too to allow operators with physical access clearance to shutdown a server while not having logical access to the computer, e.g. in emergency situations.)

Anyway, for me, the primary issue/wishlist is not chosing the "right"(tm) combination of keys but rather *displaying* it at the login prompt in a more or less unified way. Wouldn't it be an improvement to display a standard help message on most graphical login managers to clarify this unknown functionality of our login process: SAK-like behavior?
At least, it may be nice from the security marketing point of view. (IMHO, we already do it, so let's just inform users about it...)

BTW, a well-designed trojan horse may try to mislead users about thekey combination too... ;-)

Not an issue for ubuntu-meta (which is purely about the metapackages which control which packages are installed by default). The other tasks on this bug remain open - this is just housekeeping.

On public terminals, we could time out the login after say 60 seconds and replace it with a window saying something like

"Press Alt-SysReq-K to login.

Always press Alt-SysReq-K before logging in to this computer.
This will keep your password safe from fake login windows."

John,
I think that sounds like a good idea.
I am not sure most people know where the SysReq key is though. :p

Hello,

Thanks for reporting this feature request! Unfortunately, at this time Kubuntu does not have the developer manpower needed to implement and maintain many features at the Kubuntu level. But don't worry! This issue is being tracked by the KDE developers at: http://bugs.kde.org/show_bug.cgi?id=172474
Once implemented in KDE, it will be included in Kubuntu once the KDE version the feature is implemented in reaches Kubuntu.

Thanks!

This would likely be fixed in unity-system-compositor, not LightDM.