Bug 699369 – Secure attention key

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 699369 - Secure attention key


Summary:	Secure attention key


Status:	RESOLVED OBSOLETE

Product:	gdm
Classification:	Core
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	Low enhancement
Target Milestone:	---
Assigned To:	GDM maintainers
QA Contact:	GDM maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-05-01 09:11 UTC by Thomas Hotz
Modified:	2018-05-24 10:51 UTC

See Also:	https://bugs.kde.org/show_bug.cgi?id=172474
GNOME target:	---
GNOME version:	---

Description Thomas Hotz 2013-05-01 09:11:36 UTC

From Ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/gdm/+bug/237721

In many environments computers are left unattended (e.g. schools, libraries, etc) and people can launch applications which mimic the look-and-feel of the login application (GDM) in order to get the users username and password.

This is called login spoofing.
* http://en.wikipedia.org/wiki/Login_spoofing

Login spoofing can be prevented by using a secure attention key which is a key combination pressed before the user login to launch the password request dialog. This key can only be seen by the kernel, and not sniffed by any application.
* http://en.wikipedia.org/wiki/Secure_attention_key

Comment 1 GNOME Infrastructure Team 2018-05-24 10:51:18 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/gdm/issues/138.