Eamon Walsh wrote:
> Daniel J Walsh wrote:
>> Ok now I was hoping the NSA guys would hop in and say. Hey here is
>> how you would do it. :^)
>> Because I have no idea. Any help would be appreciated.
>
> I've been slowly reviewing all of the 35 X protocol extensions of
> which I'm aware, trying to revise the set of object classes and
> permissions. I have about 8 more extensions to go. I'm hoping to do a
> major release of the security framework and Flask module before FC8.
>
> I think the two goals you have set forth are a reasonable target. The
> input goal I don't think is possible with the current implementation,
> because the input extensions (XKB, XInput) are not covered by the
> security hooks. The screenshot goal should be possible. There are
> many screenshot apps but they all should call XCopyImage or similar,
> which are controllable. The problem is that the screenshot app gets a
> BadAccess error from the denial and Xlib calls abort; it's not very
> graceful.
>

That is what I figured. And in order to get upstream of Xorg to fix these problems, we have to start showing usefulness of the access control.

>
>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.