How to do the following special prompt security mitigation method
(see quote and/or screenshot bellow)
in Qubes when enabling SuDo password?
So to prevent entering the SuDo password into a fake-prompt upon escalating to SuDo and/or ROOT
Blockquote
For these purposes a Secure Attention Key is sometimes used. You may have sometimes seen a Windows login screen saying “Press Ctrl-Alt-Del” to login. This is because Ctrl-Alt-Del goes straight to the OS and cannot be faked by a fake login shell. Because Ctrl-Alt-Del can be used to securely get the attention of the operating system, it is called a Secure Attention Key.
There are some alternatives to a Secure Attention Key. For example, you could choose an image you expect to see when you log in. Better not store that image where unprivileged processes can read it or display it where unprivileged processes can screenshot it though. So this still requires separating out the login screen from the unprivileged general work account in a way tools likesudodon’t.
source:
Plus,
in general,
this would be really cool to have.
If an image is not supported
(or if risk of stenography is too high),
could there be a special protected plain text file that appears as a few words to prove this is THE REAL prompted and not a spoofed fake SuDo login prompt?