From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from facesaver.epoch.ncsc.mil (facesaver [144.51.25.10]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with ESMTP id m0O0C5i4010162 for ; Wed, 23 Jan 2008 19:12:05 -0500 Message-ID: <4797D7CB.6010501@tycho.nsa.gov> Date: Wed, 23 Jan 2008 19:11:55 -0500 From: Eamon Walsh MIME-Version: 1.0 To: Glenn Faden CC: Ted X Toth , SE Linux Subject: Re: X avcs References: <47754FCB.1070307@tycho.nsa.gov> <477BEFF1.2090507@sun.com> <47867FCA.50408@tycho.nsa.gov> <47878130.5010000@gmail.com> <4787D5B7.9090606@sun.com> <478FD1A7.8060401@tycho.nsa.gov> <4793FDC7.9050700@sun.com> In-Reply-To: <4793FDC7.9050700@sun.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Glenn Faden wrote: > Eamon Walsh wrote: > >> >> OK, I worked on this today. The property polyinstantiation itself is >> easy enough, but I've run into a problem with the PropertyNotify >> events that occur when a polyinstantiated property is changed or >> deleted - everyone can see them! Some major changes to the event >> delivery model are probably going to be necessary to make this work. >> >> I can't immediately see how it's done in Trusted Extensions. In >> TsolDeleteProperty there is just a regular DeliverEvents call to send >> the event. >> >> I think there will have to be a way to pass some private data down >> with all events, and then have another hook call further down that >> gives a yes/no answer for each client. >> > You're probably right that unnecessary PropertyNotify events may be > distributed to any client who has expressed interest in this event on > the root window. I don't think this is a big problem, however. If the > client cares to read the property whose atom is associated with the > event it will get the value which matches its security context. > > If your concern is that this presents a covert channel, that is an issue > that we generally ignore. For example we don't prevent higher-level > windows from generating exposure events which may be delivered to lower > level windows. We only prevent normal clients from mapping windows into > a Trusted Path workspace. > > --Glenn > I'll press forward with this then, putting the event delivery on the to-do list. -- Eamon Walsh National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.