Re: replacing X Window System !

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 17 May 2006 11:30:46 EDT, "linux-os (Dick Johnson)" said:

> The X window system was an excellent design
> that just isn't used properly if you really
> need a high security environment. All you
> need is a "display machine" that runs X.

But now your "display machine" is inside the security perimeter,
and as such, has to be treated as high security as well.

Otherwise, you're basically doing the equivalent of granting
insufficiently authenticated VPN access into the high security
part of the net.

A more deployable answer is for the X server to compartmentalize the clients,
be aware of their security classifications, and mediate interactions (for
instance, if a "cut" is done in a high-security window, only allow it to
be "paste" into other high-security windows).  The X Security Extension
was one effort to start doing this, and more recently, there have been
patches to allow SELinux mediation of the interactions.

Of course, there will still be those applications where the user ends
up with 2 computers, monitors, keyboards, and mice on their desk,
each connected to a different level network.

Attachment: pgpAlAZAMNGct.pgp
Description: PGP signature


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux