[prev in list] [next in list] [prev in thread] [next in thread] 

List:       eros-arch
Subject:    Re: [eros-arch] The banner issue
From:       John Halleck <John.Halleck () utah ! edu>
Date:       2003-11-11 19:07:58
[Download RAW message or body]

On Tue, 11 Nov 2003, Eyal Lotem wrote:

> [...]
> 
> But you don't actually need the trusted output
> (keyboard led or background color) to convey the
> entire identity of X to the user. An alternative is
> for the trusted output to convey whether or not we are
> in "fullscreen mode".  Assuming no overlapping
> windows, then not being in "fullscreen mode" means

  "Assuming no overlapping windows" is a BIG assumption.
  (Not true of any popular window system.)
  I personally think that that would be a restriction
  that most users would find off-putting.

  But if you have overlapping windows, I can (in my window)
  draw a window inside mine that appears to be in front
  of mine, and draw that window to have a secure appearance.

> that all content of all applications is correctly
> tagged by a window frame (including a titlebar) drawn
> by the TCB window manager.

  Anything you can draw on the screen, I can draw
  inside my window... (assuming overlapping windows)
  The operating system drawing parts of a window
  doesn't help if, inside my window, I can draw a
  window... since that window will appear to the user
  to be in front of mine instead of appearing to be
  mine.  I can even let the user "drag" it within
  the bounds of mine.

> In short, you use the trusted output as a small
> "anchor" of trust, to allow you to trust (in an
> all-or-nothing sense) the representation of the
> identity of X.  Once you trust that representation,
> you can decide how much trust you devote to the
> now-identified X.

  My personal opinion:
  A privledged banner on the screen seems the only
  practical alternative to me.  If there is SOME
  area of the screen where no user process can write,
  only things in that area can ultimately be trusted.
  Anything individual window oriented can't be trusted
  in an environment of overlapping windows.  And
  I doubt you can get users to put up with a system
  without overlapping windows.

 
  Although, on second thought, something like the mac's
  expose' (OSX 10.3 panther) might be workable.
  For the non-mac folk:  The program temporarily
  unoverlaps all the windows, and tiles the screen
  with reduced copies to enable you to find a specific
  window.  In that state the windows are non-overlapped
  so that screwing around such as I mention above wouldn't
  help.
 
> __________________________________
> Do you Yahoo!?
> Protect your identity with Yahoo! Mail AddressGuard
> http://antispam.yahoo.com/whatsnewfree
> _______________________________________________
> eros-arch mailing list
> eros-arch@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/eros-arch
> 


_______________________________________________
eros-arch mailing list
eros-arch@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/eros-arch
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic