XACE performance data, fixed XACE patch

Jim Gettys Jim.Gettys at hp.com
Fri Mar 11 08:00:18 PST 2005 

On Fri, 2005-03-11 at 16:23 +0100, Roland Mainz wrote:

> > XACE is a framework for adding additional security-related extensions
> > alongside (or in place of) the current extensions.  The intent is not
> > to fix, change, or replace existing functionality, so that a user
> > should see no changes in behavior regardless of whether the XACE patch
> > has been applied.
> > 
> > When a new extension is created, it "plugs in" to the XACE framework
> > and notifies the framework of the type of events it's interested in.
> > When these events occur, the framework then calls functionality in the
> > extension that makes a security decision.  The event is allowed to
> > occur only if all security extensions agree that it's acceptable.
> 
> So you only use a simple black&white scheme to either "allow" or
> "disallow" access and do not have a way for more fine-grained handling,
> right (such as the ability to have a "security manager"[1] client which
> then shows a dialog (including window name, application,
> uid/gid/projid/label) which asks to "grant", "reject" or "dummy" (for
> example XGetImage() may either result in a "BadAccess" X error or simply
> returns the window background color (sort of "dummy" response)) the
> request) ?
> 
> [1]=Inspired by the detail that the NCD X terminals poped-up a dialog
> when you wanted to use the XIE (X Imagining Extension) without having a
> license for it (e.g. some sort of advertising... =:-)
> 
> > The framework could be used to add the concept of user ID's, as in the
> > TSOL link you've provided below, and as Jim Gettys has mentioned in
> > other posts.
> 
> Alternatively it may be nice to get Sun to contribute their work to Xorg
> as they already have this stuff working since ~~eight years (e.g. at
> least since Trusted Solaris 2.5.1) ...
> 

Unless the Sun extension is generally useful (which is to say, multiple
security policies can be defined), it is not interesting.  Just doing
CMW workstations, while useful for that community, is not interesting to
the community as a whole, and therefore it would sit and rot as
XSecurity has rotted.  To support shared displays of various sorts, we
need some more general framework (so that clients from different users
can share the same display server).

More information about Sun's extension would be welcome, of course, as
we figure out the right set of usable policies for different
environments.

And we don't want several sets of hooks in the server, so the XAce
approach seems sound.

The SELinux approach for security in general is interesting, and it
isn't (necessarily) limited to Linux.  There is work in OpenBSD for the
same sort of techniques underway, IIRC.
				- Jim

More information about the xorg mailing list