Either access the machine via ssh or telnetd, neither of which can be
intercepted by non-root processes (or binaries, assuming your permissions
on telnetd and sshd and their directories are correct), or login from a
console the lusers can't get to. If you feel really paranoid, have the
gettys not allow non-root/non-admin logins; that way, lusers can't capture
root on your console because they can't open your console.
The rest of this proposal seems to be overly complicated at least, paranoia
at worst. There are simpler ways of ensuring the security of a login
prompt, assuming root hasn't been compromised.
Keith
-- "Well, look at that. The sun's | Linux: http://www.linuxhq.com |"Zooty, coming up." -- John Sheridan, | KDE: http://www.kde.org | zoot "Sleeping in Light", Babylon 5 | Keith: kwrohrer@enteract.com | zoot!" www.midwinter.com/lurk/lurker.html | http://www.enteract.com/~kwrohrer | --Rebo- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/