Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750767AbWEQQ3i (ORCPT ); Wed, 17 May 2006 12:29:38 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1750804AbWEQQ3i (ORCPT ); Wed, 17 May 2006 12:29:38 -0400 Received: from pool-71-254-71-216.ronkva.east.verizon.net ([71.254.71.216]:62148 "EHLO turing-police.cc.vt.edu") by vger.kernel.org with ESMTP id S1750767AbWEQQ3i (ORCPT ); Wed, 17 May 2006 12:29:38 -0400 Message-Id: <200605171629.k4HGTWiJ022335@turing-police.cc.vt.edu> X-Mailer: exmh version 2.7.2 01/07/2005 with nmh-1.2 To: "linux-os (Dick Johnson)" Cc: linux cbon , Jesper Juhl , Linux kernel Subject: Re: replacing X Window System ! In-Reply-To: Your message of "Wed, 17 May 2006 11:30:46 EDT." From: Valdis.Kletnieks@vt.edu References: <20060517145335.36079.qmail@web26611.mail.ukl.yahoo.com> <200605171509.k4HF9dPR019875@turing-police.cc.vt.edu> <200605171514.k4HFEPKq020058@turing-police.cc.vt.edu> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_1147883372_4166P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Wed, 17 May 2006 12:29:32 -0400 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1758 Lines: 46 --==_Exmh_1147883372_4166P Content-Type: text/plain; charset=us-ascii On Wed, 17 May 2006 11:30:46 EDT, "linux-os (Dick Johnson)" said: > The X window system was an excellent design > that just isn't used properly if you really > need a high security environment. All you > need is a "display machine" that runs X. But now your "display machine" is inside the security perimeter, and as such, has to be treated as high security as well. Otherwise, you're basically doing the equivalent of granting insufficiently authenticated VPN access into the high security part of the net. A more deployable answer is for the X server to compartmentalize the clients, be aware of their security classifications, and mediate interactions (for instance, if a "cut" is done in a high-security window, only allow it to be "paste" into other high-security windows). The X Security Extension was one effort to start doing this, and more recently, there have been patches to allow SELinux mediation of the interactions. Of course, there will still be those applications where the user ends up with 2 computers, monitors, keyboards, and mice on their desk, each connected to a different level network. --==_Exmh_1147883372_4166P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Exmh version 2.5 07/13/2001 iD8DBQFEa09scC3lWbTT17ARAsuMAJ9b712hkg91iw9pQxNurbYUGDrktwCeNioS JOjC3GOSvAx4tjIeFUxPD3o= =JMgR -----END PGP SIGNATURE----- --==_Exmh_1147883372_4166P-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/