Ways to eliminate gksu and policykit authentication spoofing

Registered by Marc Deslauriers on 2010-04-28

Users need to type in their password to perform certain administrative functions. The gksu and policykit authentication boxes can easily be spoofed. This session would investigate the possibility of adding personal information to the dialog boxes to decrease their chances of being spoofed. One idea would be to simply display the user's About Me picture in the dialog.

Blueprint information

Status:
Not started
Approver:
Kees Cook
Priority:
Low
Drafter:
Marc Deslauriers
Direction:
Needs approval
Assignee:
Marc Deslauriers
Definition:
Approved
Series goal:
Accepted for maverick
Implementation:
Not started
Milestone target:
milestone icon ubuntu-10.10

Related branches

Sprints

Whiteboard

Work items:
add random aboutme picture selection at user creation: POSTPONED
add aboutme picture to policykit dialog box: POSTPONED
add aboutme picture to gksu dialog box: POSTPONED

2012-07-15: This idea was saved from the memory hole and included in <https://wiki.ubuntu.com/AccountPrivileges#Icon>. --mpt

(?)

Work Items