bbadger@x102c.harris-atd.com (Badger BA 64810) (05/02/89)
Does X have any provision for handling security features such as access control based on sensitivity labels (classification level and categories) or information labels (classification level and categories and ``markings'')? Or additional discretionary access control based on euid/egid? This would have to be applied to all atoms, properties and resources, not just windows. (And any other ``global'' data which could be shared by non-related processes.)

If so, please let me know. If this is impossible please let me know why, because I'm about to attempt it myself.

What kind of protection for the security mechanism can be used? What kind of privileges would be required for the X server? .. for a ``trusted'' window manager?

Are there any applicable standards? I'm aware of TCSEC, TNI, DNSIX.

Bernard A. Badger Jr. 407/984-6385 |``Use the Source, Luke!''
Secure Computer Products |``Get a LIFE!'' -- J.H. Conway
Harris GISD, Melbourne, FL 32902 |Buddy, can you paradigm?
Internet: bbadger%x102c@trantor.harris-atd.com|'s/./&&/g' Tom sed expansively.
rws@EXPO.LCS.MIT.EDU (05/02/89)
The X protocol does not have any explicit provision for fine-grained security, but I'm not aware of anything in particular that stands in the way of adding it. It seems possible to use the authorization data passed in connection setup to carry fine-grained privilege information. The kinds of protection desired are pretty much up to you and what kinds of protection you want to provide. As for what it means to do (e.g.) labelling in a bitmap graphics environment, good luck.
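
An added example, not part of either post: where the authorization name and data sit in the X11 connection setup request, and how a server could parse them and read a sensitivity label from them. The authorization name `EXAMPLE-LABEL-1`, the 9-byte label encoding and all function names are hypothetical; only the setup request layout comes from the X11 protocol.

```python
import struct

HYPOTHETICAL_AUTH_NAME = b"EXAMPLE-LABEL-1"  # made-up name, not a real X authorization protocol

def pad4(n):
    """Padding bytes needed to reach a 4-byte boundary, as X11 requires."""
    return -n % 4

def build_setup(auth_name, auth_data, little_endian=True):
    """Client side: encode an X11 connection setup request."""
    order, fmt = (b"l", "<") if little_endian else (b"B", ">")
    head = order + b"\0" + struct.pack(fmt + "HHHHH", 11, 0, len(auth_name), len(auth_data), 0)
    return (head + auth_name + b"\0" * pad4(len(auth_name))
            + auth_data + b"\0" * pad4(len(auth_data)))

def parse_setup(buf):
    """Server side: return (auth_name, auth_data), rejecting malformed input."""
    if len(buf) < 12:
        raise ValueError("truncated setup header")
    fmt = {0x6C: "<", 0x42: ">"}.get(buf[0])  # 'l' = LSB first, 'B' = MSB first
    if fmt is None:
        raise ValueError("bad byte-order byte")
    major, _minor, n, d, _unused = struct.unpack_from(fmt + "HHHHH", buf, 2)
    if major != 11:
        raise ValueError("not X11")
    data_off = 12 + n + pad4(n)
    if len(buf) < data_off + d + pad4(d):
        raise ValueError("declared lengths exceed packet")
    return buf[12:12 + n], buf[data_off:data_off + d]

def encode_label(level, categories):
    """Hypothetical payload: 1-byte level, 8-byte category bitmask, network order."""
    return struct.pack(">BQ", level, categories)

def decode_label(auth_name, auth_data):
    """Return (level, categories); fail closed on anything unexpected."""
    if auth_name != HYPOTHETICAL_AUTH_NAME or len(auth_data) != 9:
        raise ValueError("no usable label")
    return struct.unpack(">BQ", auth_data)

def dominates(subject, obj):
    """True if subject's level >= object's and its categories are a superset."""
    return subject[0] >= obj[0] and (subject[1] & obj[1]) == obj[1]

# Constructed sample: a client at level 2 holding categories {0, 3}.
packet = build_setup(HYPOTHETICAL_AUTH_NAME, encode_label(2, 0b1001))
client_label = decode_label(*parse_setup(packet))
```

The label here is whatever the client claims. A server enforcing it would have to authenticate the data or derive the label itself from the peer's credentials.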