Hi!
My problem: Any user can write a simple program that emulates the behavior of the console login. Executed in a console it waits for an unsuspecting user and logs the username/password to a file. It then shows login incorrect and exits (starting the real login-program). Most users will assume they had a typo in the password and will not know that their password was stolen. This is a problem e.g. at university labs with linux-PCs and many "creative" users.
Is there a way to prevent a user from "emulating" a login screen (especially for the console)?
This is a difficult problem. You can't really tell if somebody emulates a login screen. You need to kill all processes accessing the console at the time before a password is entered by a user. Basically, only three ideas come into my mind whereas the last is the most suitable:

On X (xdm, kdm, gdm), the admin could remove the suid bit from the Xwrapper program (that runs the X-server, finally). Before the user logs on, he could kill the running X-server using the ctrl-alt-backspace method. Then a new X-server comes up, which can only be started as root from (x|k|g)dm.

The second solution is using the sysrq (system request) magic from the kernel (v2.2+). sysrq-k kills all programs running on the current virtual console. Very handy at times if you play around with realtime stuff... :-) Downside: It is possible for a user to boot the machine and do other nasty stuff.

The last that comes into my mind is a small script or program that runs started by init and that kills all non-root (and possibly others) programs on the machine. It could be bound to ctrl-alt-del like the following (/etc/inittab):

    ca::ctrlaltdel:/bin/fuser -k /dev/tty[1-6]

Unfortunately, this will be executed only once since init remembers that it did already. So this requires either a small init hack or another line in /etc/inittab as well as a little shell script, looking like this:

    ca::ctrlaltdel:/root/bin/camperkiller

/root/bin/camperkiller is:

    #!/bin/sh
    # don't kill processes on tty7: X!
    /bin/fuser -k /dev/tty[1-6]
    # want X to be killed, too? Do it gracefully, no KILL signal!
    /bin/fuser -k -TERM /dev/tty7
    /bin/sleep 2
    /sbin/init U

This works quite nicely. Since the X-server starts up, it changes VT. So upon X-setup (/usr/X11R6/lib/X11/xdm/Xsetup), you could use `chvt 2' and display a message there that the users should hit ctrl-alt-del (do this in /etc/issue!).
I think in WinNT this problem is solved by pressing Ctrl-Alt-Del before logging in and it is guaranteed that that key-combination will be answered by the OS login screen.
Personally, I dislike the ctrl-alt-del thing. It seems to me that it should teach people that rebooting just like in old DOS times isn't really necessary any more and that there has been some progress since color TV was invented.
Is there anything similar for linux?
Should be possible... :-)
Michael
Thanks,
Roman.
--
| Roman Drahtmüller
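
An audit counterpart to the `fuser -k /dev/tty[1-6]` approach in the reply above, added here as an example and not part of the original thread: it lists the non-root processes attached to tty1..tty6 instead of killing them. The sample process table, the user names and the `fakelogin` command name are constructed for illustration; `--live` assumes a procps-style `ps`.

```shell
#!/bin/sh
# Added example: report non-root processes on the text consoles tty1..tty6,
# i.e. the processes a "fuser -k /dev/tty[1-6]" would hit.

# Constructed sample in the column order of `ps -eo tty,pid,user,comm`.
sample_ps() {
cat <<'EOF'
TT         PID USER     COMMAND
tty1       412 root     login
tty1       655 mallory  bash
tty1       701 mallory  fakelogin
tty2       413 root     mingetty
tty3       414 root     mingetty
tty7       520 root     X
pts/0      830 alice    bash
?            1 root     init
EOF
}

# console_suspects: read ps-style lines on stdin and print
# "tty pid user command" for each process on tty1..tty6 not owned by root.
# tty7 (X) and pseudo-terminals are deliberately left out, as in the script.
console_suspects() {
    awk '$1 ~ /^tty[1-6]$/ && $3 != "root" { print $1, $2, $3, $4 }'
}

# occupied_consoles: the consoles that have at least one such process.
# An idle console waiting at "login:" should not appear in this list.
occupied_consoles() {
    console_suspects | awk '{ print $1 }' | sort -u
}

# Stand-alone run: live data with --live, otherwise the constructed sample.
if [ "${1:-}" = "--live" ]; then
    ps -eo tty,pid,user,comm | console_suspects
else
    sample_ps | console_suspects
fi
```

A console that shows a login prompt but appears in the `occupied_consoles` output still has a user session behind it, which is the situation the ctrl-alt-del binding is meant to clear.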