Ubuntu

Ways to eliminate gksu and policykit authentication spoofing

Registered by Marc Deslauriers on 2010-04-28

Users need to type in their password to perform certain administrative functions. The gksu and policykit authentication boxes can easily be spoofed. This session would investigate the possibility of adding personal information to the dialog boxes to decrease their chances of being spoofed. One idea would be to simply display the user's About Me picture in the dialog.

Blueprint information

Status:: Not started

Approver:: Kees Cook

Priority:: Low

Drafter:: Marc Deslauriers

Direction:: Needs approval

Assignee:: Marc Deslauriers

Definition:: Approved

Series goal:: Accepted for maverick

Implementation:: Not started

Milestone target:: ubuntu-10.10

Related branches

Related bugs

Sprints

uds-m

Whiteboard

Work items:
add random aboutme picture selection at user creation: POSTPONED
add aboutme picture to policykit dialog box: POSTPONED
add aboutme picture to gksu dialog box: POSTPONED

2012-07-15: This idea was saved from the memory hole and included in <https://wiki.ubuntu.com/AccountPrivileges#Icon>. --mpt

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

Dave Martin

Dylan McCall

fosk

Jamie Strandboge

Johan Kiviniemi

Kees Cook

LaMont Jones

Luke Yelavich

Marc Deslauriers

Martin Pitt

Matthew Paul Thomas

Serge Hallyn

Ying-Chun Liu

Γουργιώτης Γιώργος (aka Gourgi)