[rescue] Trusted Path (Was: Sunpc Card)

rescue at sunhelp.org rescue at sunhelp.org
Tue May 21 20:24:23 CDT 2002


>... when a user wants to login, they could run the software,
> get the login prompt (I love it, hit the 'reboot' key sequence
> to login!)

As a complete aside--there's a good reason why [CTRL][ALT][DEL]
is used to login, although you have to have a sip of the
old Orange Book TCSEC Kool-Aid first...

The logic is that one should only supply authentication info
via a Trusted Path...to ensure that you're not giving your
password to a trojan app.  The method that MS picked (given the
existing x86 architecture) in NT 3.5 was to hook the Non-Maskable
Interrupt that was already assigned to the three-finger salute.
No matter what else happens, you know that if something responds
to [CTRL][ALT][DEL] on an NT[345] system then it's either the
OS Trusted Path...or your system has been utterly and completely
compromised.

Back in college I knew several people who had written "screensaver"
trojans for the IBM 3270 greenscreens which collected user/password
combos for later use...and that's the sort of thing that this
is designed to prevent.  The Trusted Path thing turns out to be
rather hard to implement in a windowing system--all the UNIXish
ones ended up cordoning off a piece of the screen which becomes
the Trusted Path when the mouse is placed there...but the MS
solution is for once (IMHO) more elegant.

  --Rip



More information about the rescue mailing list