X (was: New version of capabilities patch online, some more status)

richard offer offer at sgi.com
Mon May 1 19:34:40 GMT 2000


* $ from tfraser at tislabs.com at "1-May: 2:31pm" | sed "1,$s/^/* /"
*
*
* Hi!
*
* On Thu, 27 Apr 2000, Ilmar S. Habibulin wrote:
*
* > IMHO, there would be enough to implement X server, which could act on one
* > level (and serve clients which have only this level) in a multi-level
* > environment. This clipboard stuff is a headache. So I think that it is
* > your first variant.
*
* 	If you want to add security functionality to X, I'm sure this
* would be a fun project and a great way to learn about how X works.

I'd like to see this done as a proper project, with XFree86 support so that we
can integrate it back into their main tree (I don't want to have to maintain a
patch for every X release).

However, before we can start we need a T6 implementation on at least one OS.

*
* 	LOMAC adds MAC functionality to the Linux kernel.  It treats
* user-space applications (like the X server and all X applications) as
* black-box "subjects" that read and write black-box "objects".  It was
* difficult for LOMAC to enforce any meaningful separation between X
* applications (for example, to allow a single X server to support xterms at
* different privilege levels), because all of the applications shared data
* by reading and writing to the same set of objects (such as the UNIX domain
* sockets that appear under /tmp/.X11-unix).  So when I use X with LOMAC,
* all my X applications run at the same privilege level.

You need an implementation of the t6 APIs (which adds MAC to sockets).

If you're still working on this, you'll find some sample code (kernel and
client side library) at the SGI B1 site
(http://oss.sgi.com/projects/ob1/src/tsig/).

*
* 				- Tim
*

richard.



-----------------------------------------------------------------------
Richard Offer           Widget FAQ --> http://reality.sgi.com/widgetFAQ
MTS-Core Design (Motif)
___________________________________________http://reality.sgi.com/offer
