X (was: New version of capabilities patch online, some more status)

Jeffrey W. Thompson thompson at argus-systems.com
Mon May 1 20:03:25 GMT 2000 

I should offer that PitBull from Argus has a libt6 implementation on it, and
people wanting to begin porting of Xfree86 to be multi-level could use this as a
base platform to begin work.  Depending on how similar the TrustedBSD APIs are to
the PitBull APIs porting should not likely be very difficult.  PitBull is
available for Sparc and x86 Solaris 7 for free for non-commercial use.

It's to the people doing the port, but I wanted to offer this is a way to get
working today.

One issue to rolling the modifications into the main tree is going to be the
various differences between Trusted Operating Systems.  We will all likely want to
get the tree running on our platforms.  There are going to be at least three
mainstream API variants in the near future (Argus PitBull on Solaris, AIX, Linux,
and UnixWare), TrustedBSD (on FreeBSD), and the forthcoming (this is correct?) SGI
port (on Linux).  While it seems unlikely that we will all agree on a mutual API,
it is probably in all of our interests to have a good discussion on portability
issues between APIs for application level development.

Cheers,

Jeff

Jeff Thompson
Software Evangelist and Visionary
Argus Systems Group, Inc.
Free B1 Trusted OS - www.argusrevolution.com

richard offer wrote:

> * $ from tfraser at tislabs.com at "1-May: 2:31pm" | sed "1,$s/^/* /"
> *
> *
> * Hi!
> *
> * On Thu, 27 Apr 2000, Ilmar S. Habibulin wrote:
> *
> * > IMHO, there would be enough to implement X server, which could act on one
> * > level (and serve clients which have only this level) in a multi-level
> * > environment. This clipboard stuff is a headache. So i think that it is
> * > your first variant.
> *
> *       If you want to add security functionality to X, I'm sure this
> * would be a fun project and a great way to learn about how X works.
>
> I'd like to see this done as a proper project, with Xfree86 support so that we
> can integrate it back into their main tree (I don't want to have to maintain a
> patch for every X release).
>
> However before we can start we need a T6 implementation on at least one OS.
>
> *
> *       LOMAC adds MAC functionality to the Linux kernel.  It treats
> * user-space applications (like the X server and all X applications) as
> * black-box "subjects" that read and write black-box "objects".  It was
> * difficult for LOMAC to enforce any meaningful separation between X
> * applications (for example, to allow a single X server to support xterms at
> * different privilege levels), because all of the applications shared data
> * by reading and writing to the same set of objects (such as the UNIX domain
> * sockets that appear under /tmp/.X11-unix).  So when I use X with LOMAC,
> * all my X applications run at the same privilege level.
>
> You need an implementation of the t6 APIs (which adds MAC to sockets).
>
> If you're still working on this, you'll find some sample code (kernel and
> client side library) at the SGI B1 site
> (http://oss.sgi.com/projects/ob1/src/tsig/)
>
> *
> *                               - Tim
> *
>
> richard.
>
> -----------------------------------------------------------------------
> Richard Offer           Widget FAQ --> http://reality.sgi.com/widgetFAQ
> MTS-Core Design (Motif)
> ___________________________________________http://reality.sgi.com/offer
>
> To Unsubscribe: send mail to majordomo at trustedbsd.org
> with "unsubscribe trustedbsd-discuss" in the body of the message

To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message

More information about the trustedbsd-discuss mailing list