William Young wrote: > Multiple X servers and a gui switch event is an interesting problem. It > will be necessary to disable the possibility of any single label X > sessions or one can visually emulate the switcher with trusted path. I > don't think that is a concern right now, but should be a noted > requirement if a secure X switcher is mentioned.
I think that concern is there regardless of a GUI for doing the switching. If a keyboard (or any other method, eg programatic) switching is possible that can be used to spoof as well (and in fact is probably even more risky in some cases). I think though you have pointed out the best behaviour from the TX view which is that if the system is labeled the vt's are not enabled - or at least they can't be allowed to enter a graphics mode. IIRC in previous Trusted Solaris releases we actually disabled the dtlogin "Command Line Login" option but we don't in TX (which I'm okay with). -- Darren J Moffat
