Eamon Walsh wrote:
> Glenn Faden wrote:
>> This is my first posting to this alias, so let me start by
>> introducing myself. I'm a Distinguished Engineer in the Solaris
>> security organization, and I'm the original architect for Sun's
>> multilevel X11 server. I have worked on this problem since 1990, and
>> have designed three multilevel desktops (Open Look, CDE, and GNOME)
>>
>> One of the biggest challenges in adding fine-grained policy to the
>> X11 server is to make the policy transparent to existing X11 clients.
>> Probably the most critical design decision we made was with respect
>> to root window resources. By default, all root window properties are
>> polyinstantiated by both label and uid. For SELinux, the equivalent
>> policy would be polyinstantiation by security context (not just MLS
>> label). An exception list of single-instance root-window properties
>> is enumerated in a policy file.
>> We have found that the list of exceptions is much smaller than the
>> list that should be polyinstantiated.
>>
>
> Hello. I am not opposed to the idea of polyinstantiated properties.
> Although our approach has always been to attempt to fix applications
> to work within the secure environment first, it looks like this is a
> case where polyinstantiated is needed.
"Fixing" applications to work in a secure environment implies that they
are currently broken. It seems that the policy is broken if it prevents
commonly used applications from working. Isn't the purpose of policy
development to improve the safety of existing applications?
> Our long-term goal is to make applications aware of and responsive to
> the security environment, particularly applications that could
> themselves be multi-level such as e-mail, web, office.
Certainly the environment should support multilevel applications, but I
these are exceptions. Virtually all applications should work without
modification at a single level.
--Glenn
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Received on Thu 10 Jan 2008 - 18:27:12 EST