On Wed, 17 May 2006 11:30:46 EDT, "linux-os (Dick Johnson)" said: > The X window system was an excellent design > that just isn't used properly if you really > need a high security environment. All you > need is a "display machine" that runs X. But now your "display machine" is inside the security perimeter, and as such, has to be treated as high security as well. Otherwise, you're basically doing the equivalent of granting insufficiently authenticated VPN access into the high security part of the net. A more deployable answer is for the X server to compartmentalize the clients, be aware of their security classifications, and mediate interactions (for instance, if a "cut" is done in a high-security window, only allow it to be "paste" into other high-security windows). The X Security Extension was one effort to start doing this, and more recently, there have been patches to allow SELinux mediation of the interactions. Of course, there will still be those applications where the user ends up with 2 computers, monitors, keyboards, and mice on their desk, each connected to a different level network.
Attachment:
pgpAlAZAMNGct.pgp
Description: PGP signature
- References:
- Re: replacing X Window System !
- From: linux cbon <[email protected]>
- Re: replacing X Window System !
- From: [email protected]
- Re: replacing X Window System !
- From: [email protected]
- Re: replacing X Window System !
- From: "linux-os \(Dick Johnson\)" <[email protected]>
- Re: replacing X Window System !
- Prev by Date: Re: Kernel vs drivers releases?
- Next by Date: Re: [linux-usb-devel] [PATCH/RFC 2.6.17-rc4 1/1] usbvideo/quickcam_messenger driver v4
- Previous by thread: Re: replacing X Window System !
- Next by thread: Re: replacing X Window System !
- Index(es):
 |