xorg and EAL4+

Alan Coopersmith alan.coopersmith at sun.com
Thu Apr 19 11:33:13 PDT 2007

James Courtier-Dutton wrote:
> Fortunately, Linux has EAL4+ security evaluation done for most security
> targets (configurations).
> The one major thing that is excluded each time is the X front end.
> I.e. Linux has EAL4+ for a server config, without X.
> Have any moves been made to modify X so that it could reach EAL4+
> certifications?
> Or, is the X protocol just so broken, that X could never reach this
> level of security.

It's not impossible, as the Trusted forms of Solaris have gotten EAL4
certification for X desktops.

	-Alan Coopersmith-           alan.coopersmith at sun.com
	 Sun Microsystems, Inc. - X Window System Engineering

More information about the xorg mailing list