Alan Coopersmith wrote:
> [Added cc of the TX/Xtsol experts to confirm my understanding. For
> their benefit, the proposal is to ship the synergy program to share
> keyboard, mouse & keyboard between X servers on multiple machines.
> For details, see http://synergy2.sourceforge.net/ and
> http://arc.opensolaris.org/caselog/LSARC/2009/489/20090914_stuart.kreitman ]
>
> Darren J Moffat wrote:
>
>> How does this work when the Solaris system is running with Trusted
>> Extensions enabled ? In particular given that the screensaver is a
>> trusted path concept and cut and paste is intercepted on trusted path
>> and subject to authorisation.
>>
>
> I think the answer is "probably not well, and that's a good thing."
> In order to control the mouse and keyboard on the machines in the
> synergy group, synergy uses an X extension called "XTEST" which was
> originally designed for test suites to simulate input devices.
>
> The TX policy file for X will block usage of the XTEST extension
> in order to prevent clients being able to take control of clients
> with different security labels, so I don't think synergy will be
> able to run in TX by default.
>
> If it could run (such as if you modified the policy file, since it
> is a plain text file a site could vi) it would probably need to run
> in the global zone, and then since it's not label aware, its
> clipboard sharing would probably violate the protections for copy
> and paste between differently labeled clients.
>
> In short, I think the best answer is probably for us to add a note
> to the man pages stating that synergy is not compatible with the
> restrictions of the TX multi-label desktop, and is not recommended
> for use there.
>

Alan, I agree with your conclusion.
--Glenn