[comp.windows.x] Security and X

rosen@ssc-vax.uucp (Robert Rosen) (03/02/91)

Can anyone out there let me know of any books/articles/papers dealing 
with the issues of security in the X window system?

                                -------------------------------------
Bob Rosen                       | 
Boeing Aerospace & Electronics  |  "I have X'd myself from your world" 
rosen@astarsgate.boeing.com     |  --  Charles Manson
206-773-2852                    |      
                                -------------------------------------

dshr@eng.sun.COM (David Rosenthal) (03/03/91)

> Can anyone out there let me know of any books/articles/papers dealing 
> with the issues of security in the X window system?
> 
I have presented a couple of times to X workshops.  A derivative of my
code to do per-user authentication based on Sun's "Secure RPC" is in R5.

There is a DoD specification called CMW that various vendors are
implementing - they cooperate through the Trusted System Interest Group.
CMW deals with the issues raised by having information at various
classification levels on a single screen.  If your requirement is for
the DoD this is what you need.

However,  this doesn't really help the commercial user.  CMW makes
assumptions (for example,  secure networking) that don't hold in
commercial use and has capabilities that commercial users don't
need.

With the current host-based scheme,  giving access to a host is equivalent
to giving everyone who has access to that host your password.  With the
per-user scheme,  giving access to a user is equivalent to giving that
user your password.  The server has no internal firewalls to protect
one authenticated user from another.  I prototyped firewalls of this kind
some years ago,  but the code languished.  The prototype (called LINX
for Less INsecure X) was simpler but probably more useful for
commercial use than CMW.  Nevertheless,  it was still not a complete
solution.

Use of X in its current state is not advisable in systems containing
valuable information.  Nor,  given its primitive error handling,
should it be used in systems whose failure would impact safety
(For example,  I learnt last fall that the Hungarians are using
X to implement user interfaces to nuclear power plant control.
It's their country,  but I wouldn't want to live downwind when
they get a BadAlloc).

	David.
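
An added example, not part of either post above: a small audit that sorts X server access-list entries into host-wide grants (every user on that host gets in) and per-user grants, the distinction drawn in the reply. It assumes `xhost` output with family prefixes (INET, NIS, SI and so on) as printed by later X releases; the sample output and all names in it are constructed.

```python
# Classify X access-list entries as host-wide or per-user grants.
# Constructed sample of `xhost` output (not captured from a real system).
SAMPLE_XHOST_OUTPUT = """\
access control enabled, only authorized clients can connect
INET:build01.example.com
INET6:build02.example.com
NIS:alice@example.com
SI:localuser:bob
LOCAL:
"""

HOST_FAMILIES = {"INET", "INET6", "DNET", "LOCAL"}  # grant covers a whole host
USER_FAMILIES = {"NIS", "KRB"}          # Secure RPC netname / Kerberos principal
SI_USER_TYPES = {"localuser"}           # server-interpreted, one local user
SI_HOST_TYPES = {"hostname", "ipv6"}    # server-interpreted, still a whole host


def classify_entry(entry):
    """Return 'host_wide', 'per_user' or 'unknown' for one access-list line."""
    if ":" not in entry:
        return "host_wide"  # bare hostname, as older xhost versions print
    family, _, rest = entry.partition(":")
    family = family.upper()
    if family in HOST_FAMILIES:
        return "host_wide"
    if family in USER_FAMILIES:
        return "per_user"
    if family == "SI":
        si_type = rest.partition(":")[0].lower()
        if si_type in SI_USER_TYPES:
            return "per_user"
        if si_type in SI_HOST_TYPES:
            return "host_wide"
    return "unknown"


def audit(xhost_output):
    """Parse full `xhost` output into a report keyed by grant scope."""
    report = {"access_control": True, "host_wide": [], "per_user": [], "unknown": []}
    for line in xhost_output.splitlines():
        entry = line.strip()
        if not entry:
            continue
        if entry.lower().startswith("access control"):
            # "access control disabled" means any client may connect.
            report["access_control"] = "disabled" not in entry.lower()
            continue
        report[classify_entry(entry)].append(entry)
    return report
```

Entries reported under `host_wide` are the ones that extend access to every account on the named host; a report with `access_control` false means the list is not being enforced at all.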