XDC2012: Graphics stack security

Posted Sep 26, 2012 17:51 UTC (Wed) by dpquigl (guest, #52852)
In reply to: XDC2012: Graphics stack security by dlang
Parent article: XDC2012: Graphics stack security

X has an access control framework similar to the LSM kernel framework called XACE. XSELinux is a security module for the XACE framework that uses SELinux to define policy and make access control decisions (called a Userspace Object Manager in SELinux speak). You're welcome to write other access control modules for XACE and propose them for inclusion if you have a good idea for an access control module.

to post comments

XDC2012: Graphics stack security

Posted Sep 26, 2012 23:43 UTC (Wed) by mupuf (subscriber, #86890) [Link] (3 responses)

X cannot be made secure by nature. Even if we managed to do whatever we want with X, the applications aren't ready for that and would just crash because they don't always look at the error codes.

The point of the presentation wasn't to fix X, it was to fix DRM, to talk about security in Wayland and discuss about a security policy for it.

XDC2012: Graphics stack security

Posted Sep 27, 2012 0:15 UTC (Thu) by dlang (guest, #313) [Link] (2 responses)

causing an app to crash because it tries to do a screenshot and it wasn't allowed to seems like a very reasonable thing to have happen :-)

While I expect that doing checks on these half dozen or so 'special' priviledges would break a few things, I don't think it would be that many, and if the capaibility was available, distros would experiment with them.

After all, we know that SELinux breaks things, but it's being deployed. I would expect that SELinux has broken far more things than a handful of permission checks in X would.

> The point of the presentation wasn't to fix X, it was to fix DRM

this writeup makes it sound like it was talking about problems in X not in the DRM layer.

XDC2012: Graphics stack security

Posted Sep 27, 2012 9:56 UTC (Thu) by Siosm (subscriber, #86882) [Link]

> While I expect that doing checks on these half dozen or so 'special' priviledges would break a few things, I don't think it would be that many, and if the capaibility was available, distros would experiment with them.

I don't think we will be able to fix the input problems in X.

> After all, we know that SELinux breaks things, but it's being deployed. I would expect that SELinux has broken far more things than a handful of permission checks in X would.

SELinux is mostly used in a "targeted" way in Red Hat/Fedora, and thus does not protect GUI apps. It is a lot of work to create and maintain an SELinux policy for every GUI applications.

> this writeup makes it sound like it was talking about problems in X not in the DRM layer.

The second talk deals with DRM problems. This one was done to recap known problems and make sure we do not do the same "mistakes" with Wayland/Weston

XDC2012: Graphics stack security

Posted Oct 1, 2012 4:33 UTC (Mon) by raven667 (subscriber, #5198) [Link]

> After all, we know that SELinux breaks things, but it's being deployed. I would expect that SELinux has broken far more things than a handful of permission checks in X would.

Most SELinux permissions checks happen where applications should already expect them to be occurring such as on filesystem objects. Putting in permissions where there weren't any before and where there is a lot of backwards compatibility requirements for very old software seems like a very bad idea and quite likely to break the world.