Security Enhanced Linux
What's New
Frequently Asked Questions
Background
Documents
License
Download
Participating
Mail List
Archives
Remaining Work
Contributors
Related Work
Press Releases
Information Assurance Research
NIARL In-house Research Areas
Mathematical Sciences Program
Sabbaticals
Computer & Information Sciences Research
Technology Transfer
Advanced Computing
Advanced Mathematics
Communications & Networking
Information Processing
Microelectronics
Other Technologies
Technology Fact Sheets
Publications
Related Links
|
SELinux Mailing ListRe: Do you trust X server?
From: Casey Schaufler <casey_at_schaufler-ca.com>
Date: Fri, 18 Mar 2005 08:21:44 -0800 (PST)
Let us be clear. The X consortium has always made it plain the the X server provides mechanism, not policy. You can trust the X server to the same degree you can trust any part of the system that does not implement or enforce policy. If you chose to use the X server as a component of your policy enforcement that is your affair, but the appropriate use of that code is your responsibility, not that of the X server.
> This was 2002, and it was a DoS, but it shows that There are bugs in code that provides mechanism. The security consequences of these problems are one reason why systems are evalauted as a whole, not by their individual components.
> Don't trust X. The case mentioned above requires breakdowns in the browser, font manager, and system admin. None of these are X server problems. Further, the "system" is not damaged at all. The DoS "attack" is a programming flaw, or "bug" in the jargon.
Casey Schaufler
Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.Received on Fri 18 Mar 2005 - 11:28:12 EST |
|
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |