[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Changing from L4 to something else...
|
From: |
Bas Wijnen |
|
Subject: |
Re: Changing from L4 to something else... |
|
Date: |
Tue, 1 Nov 2005 14:05:58 +0100 |
|
User-agent: |
Mutt/1.5.11 |
On Mon, Oct 31, 2005 at 10:19:47PM -0500, Jonathan S. Shapiro wrote:
> On Mon, 2005-10-31 at 19:41 -0700, Christopher Nelson wrote:
> > > 1) How does an administrator help a user fix a misbehaving session (i.e.
> > > if a malicious program finds some way to take over a user's session by
> > > doing something like take focus any time the user moves the mouse) if
> > > they can't interact with the user's session?
A normal application should not have the right to move windows. It may have
the right to ask the window manager to do that. The window manager must be
trusted by the user. The user should be able to tell the window manager
"don't accept any requests from windows to be moved", and then it will do
that.
This is a situation which is unlikely to be useful anyway: windows moving
themselves. It is allowed in X, but is it ever useful? Just like screen
grabbing, I'd make it possible only if the user explicitly allowed it.
Shapiro will probably consider this another example of something which
shouldn't be made possible at all. :-)
In case things go really bad, for example the window manager is cracked, there
should be a layer on top of it: the system menu. The system menu should at
least allow to detach a session and attach some other session. It may also
provide some means to rescue your session. To enter it, some hardware needs
to be reserved. As Shapiro pointed out previously, this hardware exists: the
"system request" key combination (alt-print screen on my machine). The
keyboard driver must make sure that this key combination will always bring up
the system menu, and that it cannot be handled by a (potentially hostile)
application.
> > Same way you do it on a Windows system: reboot. ;-)
We implement all the good features of all OSs we know. ;-)
> Doesn't work in a persistent system.
There you go. I just asked for a problem with persistence in a previous
e-mail, and now I've found it. :-) Next question: Is this a problem? I think
not...
Thanks,
Bas
--
I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://129.125.47.90/e-mail.html
signature.asc
Description: Digital signature
- Re: Changing from L4 to something else...,
Bas Wijnen <=