I have gotten enough answers now that I am finished with the private portion of the research... now let's open it up. (I hope we can all be adult enough to not have this thread suicide as well)

My question, which is based on a particular need I have that I understood as not being possible to implement in Linux, was:
[QUOTE]What: How can I create a trusted path in Linux?

Explained: I need an inimitable key/key sequence that allows the user to connect directly to the trusted computer base (TCB).

Why: To prevent users at shared terminals from utilizing false login screens for the purpose of elevating their access by capturing user credentials.

Windows: Windows 2000 offers this functionality by requiring the control-alt-delete key sequence before providing a login screen. User space Windows applications cannot capture this sequence.

My understanding: Although Linux does support the Secure Attention Key (SAK), it is not part of the TCB, it is buggy, and not universally supported.
[/QUOTE]

The answers I received included:

[list=1]
[*]compile the kernel with sysrq support and this will provide the SysRQ+K or Alt+SysRQ+K keystroke combination.
[*]rc.local (depending on the distro) and add the command: echo "control alt keycode 101 = SAK" | /bin/loadkeys ... This would make Alt+Ctrl+Pause the SAK sequence and could only be modified by the superuser.
[*]http://www.ggi-project.org/
[*]SAK is still premature in development projects
[*]If you suspect there might be a bogus login screen on your tty, simply enter a couple bogus usernames and passwords, so that it exits and puts you back to the (hopefully) regular /bin/login program.
[*]try to kill any programs running on that current tty before you login
[*]You do need the "Magic SysRq key" enabled in the kernel (has been in there since 2.1.0).
[*]Since the X server is not part of the Linux kernel I don't think there will be a secure path for graphical logins for quite some time.
[*]Linux needs to catch up here.
[*]CTRL-ALT-DEL is trapped by the system and /etc/inittab specifies which prog. to run: ca::ctrlaltdel:/sbin/shutdown -t3 -r now ... By modifying the /etc/X11/xdm/xdm-config and modify: DisplayManager*chooser: /etc/X11/xdm/chooser to run an app of your choosing that displays a screen that says Press CTRL-ALT-DEL to login and modify inittab to run chooser when pressed.
[*]In short, due to the current way Linux is designed, you can't.
[*]Linux doesn't really have a TCB, so you can never get a reasonable level of trust.
[/list=1]

The conclusions I have drawn from this are:

Although there are ways to kill processes and bypass keystroke trapping... none of these methods are high enough assurance to use in a production environment. At the end of the day, a single compromised terminal can gain the passwords to every account that uses it.

http://www.linux.com/howtos/Secure-P...ted-path.shtml

Seems to agree with this point.

I feel confident that I can chalk this up to the "Not Capable" section. What is troubling is the number of varied responses I received; in this case I blame the fact that, without a bit of research, it is difficult to determine if most open source packages are considered no longer research level. Making the issue even more confusing is the fact that there is no agreed-upon point where something goes from "research level" to "production level".

Any disagreements with the conclusions made here, or should I go on to question two?

cheers,

catch
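
The SysRq and loadkeys answers listed in the post come down to two settings an administrator can audit: whether the kernel.sysrq value lets SysRq+K through, and which key combinations the console keymap binds to SAK. The script below is an added example, not part of the original post; the function names and the sample keymap are constructed for illustration, and it relies on the kernel's documented sysrq bitmask, in which the value 4 (keyboard control) covers SAK.

```shell
#!/bin/sh
# Added example: audit the two SAK settings mentioned in the answers.
# Live use (as root):  sak_allowed_by_sysrq "$(cat /proc/sys/kernel/sysrq)"
#                      dumpkeys | sak_bindings

# Succeeds if a kernel.sysrq value lets SysRq+K (SAK) through.
# 0 = SysRq off, 1 = every function on, otherwise a bitmask in which
# bit value 4 ("keyboard control") covers SAK. Returns 2 on bad input.
sak_allowed_by_sysrq() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac   # not a number
    [ "$1" -eq 1 ] && return 0
    [ $(( $1 & 4 )) -ne 0 ]
}

# Reads keymap text in dumpkeys/loadkeys syntax on stdin and prints the
# key combination of every line that binds the SAK action.
sak_bindings() {
    awk -F= 'NF >= 2 && $1 ~ /keycode/ {
        n = split($2, sym, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (sym[i] == "SAK") {
                gsub(/^[ \t]+|[ \t]+$/, "", $1)
                print $1
                break
            }
    }'
}

# Constructed sample keymap; the second line is the binding from the post.
SAMPLE_KEYMAP='keycode 37 = k
control alt keycode 101 = SAK
control alt keycode 111 = Boot'

# Constructed sample kernel.sysrq values, including two restrictive masks.
for v in 0 1 4 176 438; do
    if sak_allowed_by_sysrq "$v"; then s=allowed; else s=blocked; fi
    echo "kernel.sysrq=$v: SysRq+K $s"
done
printf '%s\n' "$SAMPLE_KEYMAP" | sak_bindings
```

A mask such as 176 leaves sync, remount and reboot enabled but silently drops SAK, so checking that SysRq is merely "on" is not enough.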