Re: [Plash] XACE X security model
From: Mark Seaborn
Subject: Re: [Plash] XACE X security model
Date: Sat, 21 Apr 2007 15:59:47 +0100 (BST)
John McCabe-Dansted <address@hidden> wrote:
> X.Org 7.2 now has XACE:
> http://people.freedesktop.org/~ewalsh/xace_proposal.html
>
> I was wondering if anyone had checked whether it would be useful to
> Plash. Apparently it does what selinux wants, and so I would think that
> it should work for Plash assuming setting the security labels on each
> confined app to be different results in sane behaviour.
Yes, the XACE work should be useful for systems other than SELinux.
They've basically generalised the hooks that were added to implement
the old XSecurity extension.

One big difference from the XSELinux extension is that Plash would
need a different way to set up restricted X11 connections for
applications. XSELinux uses SELinux's getpeercon() system call to
find out the identity of the client process and then restrict it
according to the static system-wide SELinux policy. For Plash we will
need a way to dynamically create protection domains on the X server
and then pass sandboxed processes Unix domain sockets that let them
connect under specific protection domains.

I have been making some notes on the wiki on what would be needed to
secure the X Window System:
http://plash.beasts.org/wiki/X11Security
http://plash.beasts.org/wiki/X11SecurityRequirements

There is still a lot that SELinux doesn't cover as far as X goes. In
particular, a number of window manager changes are necessary.
> This is the closest I found to a mention of the use of XACE in
> selinux, and the mention is only two lines long:
> http://selinux-symposium.org/2007/papers/14-lspp-rbac.pdf
There's also:
http://www.nsa.gov/selinux/papers/xorg07-paper/template-v1.html
http://selinux-symposium.org/2007/abstracts.php#xorg
http://selinux-symposium.org/2007/agenda.php

Mark
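
An added illustration (not part of the message above, and not Plash or X.Org code) of the connection-based scheme the message describes: a toy server creates a protection domain on request and returns a socket bound to it, and a launcher passes that socket to the sandboxed process as a file descriptor, so the server never inspects the peer process. The `ToyDisplayServer` class, the `create`/`read` request format and the domain names are hypothetical.

```python
import select
import socket
# Hypothetical toy model; class, request format and domain names are constructed.

class ToyDisplayServer:
    """Stand-in for a display server that labels connections, not processes."""
    def __init__(self):
        self._domain_of = {}  # server-side socket -> protection domain
        self._owner = {}      # window name -> domain that created it

    def create_domain(self, name):
        """Create a domain on demand and return a client socket bound to it."""
        server_end, client_end = socket.socketpair()  # AF_UNIX stream pair
        self._domain_of[server_end] = name
        return client_end

    def pump(self):
        """Answer each pending request under its connection's domain."""
        ready, _, _ = select.select(list(self._domain_of), [], [], 0)
        for conn in ready:
            domain = self._domain_of[conn]  # fixed at creation, not client-supplied
            op, window = conn.recv(256).decode().split()
            if op == "create":
                self._owner[window] = domain
                reply = "ok"
            elif op == "read" and self._owner.get(window) == domain:
                reply = "ok"
            else:
                reply = "denied"
            conn.sendall(reply.encode())

def hand_off(client_end):
    """Launcher-to-sandbox transfer of the socket as an fd (SCM_RIGHTS)."""
    launcher, sandbox = socket.socketpair()
    with launcher, sandbox, client_end:  # the launcher keeps no copy
        socket.send_fds(launcher, [b"x"], [client_end.fileno()])
        _, fds, _, _ = socket.recv_fds(sandbox, 16, 1)
    return socket.socket(fileno=fds[0])

def request(server, conn, text):
    conn.sendall(text.encode())
    server.pump()
    return conn.recv(256).decode()

def demo():
    server = ToyDisplayServer()
    editor = hand_off(server.create_domain("editor"))
    viewer = hand_off(server.create_domain("viewer"))
    return [request(server, editor, "create doc"),
            request(server, viewer, "read doc"),
            request(server, editor, "read doc")]
```

The domain is a property of the socket the server created, so a sandboxed process can only act under the domain its launcher chose for it.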