xorg and EAL4+

James Courtier-Dutton James at superbug.co.uk
Thu Apr 19 04:54:23 PDT 2007


Fortunately, Linux has EAL4+ security evaluation done for most security
targets (configurations).
The one major thing that is excluded each time is the X front end.
I.e. Linux has EAL4+ for a server config, without X.
Have any moves been made to modify X so that it could reach EAL4+
Or, is the X protocol just so broken, that X could never reach this
level of security.

The only alternative at the moment is MS Windows, that does have EAL4+

Kind Regards


More information about the xorg mailing list