Securing The X Window System With SELinux
The X Window System is a windowing system for bitmapped graphics displays. It is based on a client-server architecture: the server controls the display and associated input devices, and the clients are the graphical programs that access those services.
Clients connect to the server via Unix domain sockets (if local) or TCP/IP (if remote). (Other transport mechanisms can be supported, but are less common.) Clients pass requests to the X server and receive events from the server by a clearly defined protocol [OReilly90], the X protocol. All communication between the X server and the clients, with the exception of some image sharing extensions, happens over this connection.
A client can communicate only with the X server through this connection, and cannot use it to communicate directly with other clients. However, the actions a client takes will frequently be visible to other clients. Some desktop environments (e.g. GNOME) expect applications to communicate with each other via other forms of IPC. These communication vectors are outside the scope of this paper.
Figure 1 shows two clients connected to a local X server. The client code usually uses the Xlib library to handle marshaling requests with the X protocol, but this is not required.
The X server also maintains certain data structures as resources that can be shared between clients. Clients refer to these resources by resource IDs passed over the communication link. Client applications frequently use these resources to communicate with other client applications, effectively using the X server as a communications channel.
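The following is an added example, not code from the original paper. It encodes the client's connection-setup message and decodes the `resource-id-base` and `resource-id-mask` fields of the server's reply, following the connection-setup layout of the X11 core protocol, to show that a resource ID is only a name in a namespace shared by all clients. The function names and the reply bytes are constructed for illustration.

```python
import struct

def setup_request(auth_name=b"", auth_data=b""):
    """Encode the first message a client sends (little-endian byte order)."""
    pad = lambda b: b + b"\0" * (-len(b) % 4)      # fields are padded to 4 bytes
    head = struct.pack("<BxHHHH2x", 0x6C, 11, 0, len(auth_name), len(auth_data))
    return head + pad(auth_name) + pad(auth_data)

def parse_setup_reply(buf):
    """Return (resource_id_base, resource_id_mask) from a successful reply."""
    if len(buf) < 20:
        raise ValueError("truncated setup reply")
    status, _major, _minor, extra_words = struct.unpack_from("<BxHHH", buf, 0)
    if status != 1:                                 # 0 = Failed, 2 = Authenticate
        raise ValueError("server did not accept the connection")
    if len(buf) < 8 + 4 * extra_words:
        raise ValueError("truncated setup reply")
    _release, base, mask = struct.unpack_from("<III", buf, 8)
    return base, mask

def new_ids(base, mask, count):
    """IDs a client may create: base OR'ed with values drawn from the mask bits."""
    step = mask & -mask                             # lowest set bit of the mask
    return [base | (i * step) for i in range(count) if (i * step) & ~mask == 0]

def creator_of(xid, clients):
    """Map a resource ID back to the client whose ID range contains it."""
    for name, (base, mask) in clients.items():
        if xid & ~mask == base:
            return name
    return None

def constructed_reply(base, mask):
    """Constructed sample: 40-byte success reply with no vendor or screens."""
    return struct.pack("<BxHHHIIII", 1, 11, 0, 8, 0, base, mask, 0) + b"\0" * 16

if __name__ == "__main__":
    # Two clients of one server, each handed a disjoint ID range (constructed).
    clients = {"A": parse_setup_reply(constructed_reply(0x00200000, 0x001FFFFF)),
               "B": parse_setup_reply(constructed_reply(0x00400000, 0x001FFFFF))}
    window = new_ids(*clients["A"], 1)[0]
    # B can put A's window ID in its own requests: the range records who
    # created the resource, it does not decide who may refer to it.
    print(hex(window), "was created by client", creator_of(window, clients))
```

The base and mask tell the server which client created a resource. Deciding which clients may refer to it is a separate access-control question.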