TrustedBSD Extensions Project (fwd)

Robert Watson rwatson at
Thu Apr 20 17:23:13 GMT 2000

On Tue, 11 Apr 2000, richard offer wrote:

> * The mandatory access control components of TrustedBSD, as with other
> * trusted operating systems, are intended to address the subject and object
> * labeling requirements.  Specifically, all user data objects, and subjects,
> * are assigned security labels which limit the types of accesses that may be
> * performed.
> What are you intending to do for X ? Or are you only interested in the server
> problem space ?

Sorry I missed this in the first round of comments, so figured I'd reply
to it now (especially in light of your detailed TCB post) -- at this
point, both based on the experience bases of those committing development
time, and the immediate target audiences, support for MAC labeling in X is
not on the agenda.  It has one of those "?"'s beside it :-).  In essence,
at this point, we're targeting the server environment based on our own

That said, I think that having an implementation with integrated support
for a workstation and management environment is very important.  If we can
get a lot of this, ``for free'' by virtue of having consistent interfaces
with the SGI Linux implementation, I'm all for that.  I'd also be very
interested in drawing from other parts of the BSD community to identify
developers with the right experience base, skills set, and interests to
help on integration work with X Windows.

One piece of support infrastructure that you point to as being required is
TSIX, which to my (shallow) understanding is API and supporting
standardization for tagging IPC channels with MAC labels (etc), both
locally and across a network -- left out of POSIX.1e as POSIX doesn't
attempt to address the sockets case.  Is this impression right, or am I
thinking of something else?  Has interoperability been successfully
demonstrated across trusted operating system platforms using mechanisms
such as this?  I'm far more confident about my understanding of the
problem space in the context of a single OS on a single box, and less so
in the network and cross-OS issues.

So take this as a yes--we're interested, although we aren't familiar
enough with the problem space to comment much more than that :-).

BTW, it may be worth CC'ing the posix1e mailing list with some API-related
discussion, as there are a number of interested parties on that list that
probably aren't on the TrustedBSD mailing list.  For those unfamiliar with
the list, it's hosted off of (as are the TrustedBSD
mailing lists), and can be subscribed to by sending email to
majordomo at

  Robert N M Watson 

robert at    
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services


More information about the trustedbsd-discuss mailing list