[Discuss] can one safely login multiple times to the same user on a modern Linux desktop?
Rich Pieri
richard.pieri at gmail.com
Thu Sep 6 10:56:29 EDT 2012
On Thu, 06 Sep 2012 09:52:05 -0400
Robert Krawitz <rlk at alum.mit.edu> wrote:
> Not if you do something like kerberized NFS with mandatory access
> control. Or use thin clients like SunRays.
Kerberized NFS and mandatory access control on the encrypted lower file
system won't prevent the attack. The victim's stacked $HOME file system
is unlocked and mounted when I log in.
Sun Ray terminals aren't necessarily a fix, either. My attack method
here is to use a USB flash drive with something malicious set to
autorun.
> So again, what happens to all of your shell history (not just command
> history, but output history in an xterm or emacs buffer)? Or any
> long-running jobs you need to keep around?
The same thing that happens when a user who needs a workstation hits
the reset button and kills your session the hard way.
--
Rich P.
More information about the Discuss
mailing list