Re: off-topic: is a login, login?
> If I seat down at a machine that says:
>
> > Debian GNU/Linux potato portaloo tty1
> >
> > portaloo login:
>
> How can I be sure it is the `real' login, and not just a program somebody
> has run that looks like login and is supposed to capture user-ids and
> passwords?
>
> First I would try ctrl+c and ctrl+z but I am sure that programs can override
> both of these, so what can I do, how can I be sure?
easy... log in with an incorrect password first. if the system uses shadow
passwords then a fake login will have no way to tell whether it's right or
not, and something obvious will happen.
alternatively, log in with the right password; only a setuid fake could
really log you in as you, so if you aren't logged in you know that you need
to log in from some secure place and change your password immediately (not
to mention find out what user was on that tty at that time, and have him
arrested).
of course, both of these are moot if you're talking about network logins to
the standard telnet port, because being <1024 only root can listen on that
anyway. i am fairly confident when i say that if root wants to give you a
fake login, you have absolutely no recourse.
if by contrast you were talking about local logins to the console, there's
one easy way: reboot the machine, then nobody has a chance to put in a
trojan horse (except root, and again, if root wants to spy on you, there's
just about zip you can do, except switch to another machine).
--phouchg
"For a price I'd do about anything, except pull the trigger: for that I'd
need a pretty good cause" -- Queensryche, "Revolution Calling"
PGP 5.0 key (0xE024447449) at http://cif.rochester.edu/~phouchg/pgpkey.txt
Reply to: