X/smtp servers (was Re: TrustedBSD Extensions Project)

richard offer offer at sgi.com
Wed Apr 12 19:11:52 GMT 2000

* $ from jont at us.ibm.com at "12-Apr: 2:44pm" | sed "1,$s/^/* /"
* Somone purporting to be Richard Offer wrote:
* * $ from robert at cyrus.watson.org at "11-Apr: 8:07pm" | sed "1,$s/^/* /"
* *
* *
* * The mandatory access control components of TrustedBSD, as with other
* * trusted operating systems, are intended to address the subject and object
* * labeling requirements.  Specifically, all user data objects, and
* subjects,
* * are assigned security labels which limit the types of accesses that may
* be
* * performed.
* | What are you intending to do for X ? Or are you only interested in the
* | server problem space ?
* I don't know that even a commercial X has got past CMW.

Do we need anythig beyond CMW ? CMW seems to be perfectly okay for B1 (we're
using it on Trusted Irix, and I think Solaris does something simmiliar ?)

* One obvious solution is to copy MS and use a different window stack/list
* for the trusted path (thats why the three fingered salute brings up the
* control dialog on an otherwise empty screen - its a separate window list).
* One way to do this easily would seem to be to leverage the GGI project
* (www.ggi-project.org) and use its in-kernel driver (supposed to be safer
* than the X in-kernel driver) and to run X servers on top of GGI.
* While there is an X server that runs on GGI already, the GGI people
* haven't yet got trusted path and secure attention key facilities.
* [ I asked about a month ago. They do not have a multiplexor/proxy server
* as a high priority - needed to multiplex mmap'd framebuffer. ]

GGI is not the way to go, I'd rather we (the community) spent our resource on
getting a trustable X.

X is the Standard, its well documented and has been used for years. GGI is the
spin off from a another windowing system (Berlin), and it re-invents the wheel,
trying to blend X, OpenGL and SVGAlib into one. It also seems to allow an
application direct access to a framebuffer (ahhh what if I don't have a direct
linear framebuffer ?).

If anyone wants to correct my mis-interpretations, mail me directly, rather
than weigh down this list with what will degenerate into a long rant.... :-)

* This same problem applies to all large complex user mode servers, for
* example http+cgi, nntp, email, databases.

None of these require direct hardware access, so isn't MAC/SAMP adaquet ?

* - JonT


Richard Offer           Widget FAQ --> http://reality.sgi.com/widgetFAQ
MTS-Core Design (Motif)

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list