He's not talking about actually replacing the getty or login binaries,
but running a regular unprivileged program that makes itself look exactly
like a valid login screen.
When the unsuspecting user tries to log in, it saves the
username/password, and tells the user that the login failed.
It then exits, and the real getty gets respawned by init.
The user assumes he mistyped his password and retries, and it works.
The person who ran the program then has the user's password, and the user
isn't suspicious at all.
This is why the secure attention key exists; it kills anything on that vt
and lets init respawn the real getty. It would be pointless if the real
getty had been altered.
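A check for whether the secure attention key described in the message above is actually reachable on a machine, as an added example that is not part of the original post. It assumes a current Linux kernel, where Alt-SysRq-K invokes SAK subject to the `kernel.sysrq` setting and a console keymap can bind the `SAK` keysym; the function names and the sample keymap lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether the Linux secure attention key is reachable.

# sak_sysrq_allowed VALUE   (hypothetical helper name)
# Returns 0 if a kernel.sysrq setting of VALUE permits SysRq-K (SAK),
# 1 if it does not, 2 if VALUE is not a non-negative integer.
sak_sysrq_allowed() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    # 1 enables every SysRq function; any other value is a bitmask in
    # which bit 0x4 covers keyboard control (SAK, unraw).
    if [ "$1" -eq 1 ] || [ $(( $1 & 4 )) -ne 0 ]; then
        return 0
    fi
    return 1
}

# sak_keymap_bindings   (hypothetical helper name)
# Reads keymap text in loadkeys/dumpkeys syntax on stdin and prints each
# key combination bound to the SAK keysym, one per line.
sak_keymap_bindings() {
    awk '{ sub(/#.*/, "") }
         /keycode/ && /=[ \t]*SAK[ \t]*$/ {
             sub(/[ \t]*=.*/, ""); sub(/^[ \t]+/, ""); print
         }'
}

# Constructed sample keymap fragment, so the parser runs without a console.
SAMPLE_KEYMAP='keycode  37 = k
control alt keycode 101 = SAK   # constructed sample binding
keycode 100 = AltGr'

echo "SAK bindings in sample keymap:"
printf '%s\n' "$SAMPLE_KEYMAP" | sak_keymap_bindings

# Live check of this host, when the setting is readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    v=$(cat /proc/sys/kernel/sysrq)
    if sak_sysrq_allowed "$v"; then
        echo "kernel.sysrq=$v: Alt-SysRq-K (SAK) is permitted"
    else
        echo "kernel.sysrq=$v: Alt-SysRq-K (SAK) is not permitted"
    fi
fi
```

On a real console, feed the second function from `dumpkeys` to see whether any key combination is bound to SAK in the loaded keymap.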