Brian,

I agree that the client can't be relied on to label its own windows. In Trusted Extensions, windows are labeled (even those using the SHAPE extension) unless they are marked as override-redirect windows. I think the seamless mode SHAPE window in VirtualBox is specified as an override-redirect window, so it doesn't get labeled. Even if it were a managed window, the window manager (metacity) would need to figure out where in the Swiss cheese to place the various label banners, since this window is a single object with a funny geometry. To get the right appearance, several things would have to happen:

1. The SHAPE window would need to be a managed object.

2. The window manager would need to be able to reparent it with another SHAPE window which would have smaller holes in the cheese. Namely, the lower (y) coordinate of each hole would need to be moved up by the height of the label bar. Then the window manager would need to render labels immediately below each such hole, using the width of the hole.

This seems like an interesting project for a graduate student. ;-)

--Glenn

Brian Vetter wrote:
Back to this topic after a couple of months of other activities...

Our initial look at Citrix's ICA seems to imply that they too are using the Shape 
Extension technique to implement seamless windows. So the trend suggests that we should 
expect that to be the predominant way "seamless" remote or VM windows will get 
rendered.

I don't see how these apps (VBox, Citrix, etc) could possibly do the right thing and wrap 
a labeled border around these windows. For one, how do they even know that they need to?
And if they did, I don't think they would be trusted to do so. So it would seem that the
best/only way to do this securely is for the Window manager to do it. Or is this purely 
in the domain of the Shape Extension - we need a "trusted" shape extension that 
can draw window labels at the appropriate places?

--

Glenn Faden | Senior Principal Software Engineer
Phone: +1 650 786 4003 | Mobile: +1 415 637 8181
Oracle Solaris Security, Solaris Core OS Technology Engineering


_______________________________________________
security-discuss mailing list