> (1) Does OpenBSD have a mechanism like Ctrl-Alt-Delete on Windows (Secure
> Attention Key, or SAK) to prevent malware (or a website in fullscreen, for
> example) from faking a logout process and/or faking a login prompt? On
> Windows the kernel ensures that the operating system captures this key
> combination and takes over with a real login prompt that malware can't fake
> without first defeating the OS security.

Any X11 program can display a screen that looks like the login screen.
Even on windows; this has nothing to do with intercepting ctrl-alt-del.

> (2) I've learned that X11 allows locally running malware to sniff the
> keystrokes input to any other X11-using app running under any user.

I don't believe that's true. Where have you "learned" that, and how does
that work? "Dear X11, what is $user typing into his firefox textarea"?

> (3) I saw that Chromium, Firefox, and Tor Browser on OpenBSD (at least when
> installed from the OpenBSD package manager/ports) are sandboxed with
> pledge(2) and unveil(2). Are there any other major apps, especially that
> commonly accept untrusted input, that are also sandboxed like that on
> OpenBSD? Especially email clients, media players, word processors, apps to
> send/receive/sync files, etc.

find /usr/ports/ -name pledge\*