eros-arch: Re: GUI systems

Re: GUI systems Shawn T. Rutledge (rutledge@cx47646-a.phnx1.az.home.com)
Tue, 27 Jun 2000 19:21:24 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ] [ Next ]
In reply to: Jonathan S. Shapiro

On Tue, Jun 27, 2000 at 09:34:00PM -0400, Jonathan S. Shapiro wrote:
> > > There is another issue, which is more "purist" in nature: the number of
> > > programs that get notified of a restart should be kept as small as
> possible.
> >
> > If I get a redraw event, I don't have any idea whether it's because
> > I've been deiconified, because Netscape has been iconified, because the
> > screen saver has just exited, because the user has invoked the "redraw
> > screen" command, or because the system has restarted.
>
> That's because you haven't applied error correction to the signal. Think
> about it a little more from the attacker's perspective...

I don't think I understand.

Anyway if you do a client-server GUI, then if the client (display) machine doesn't crash while EROS crashes and restarts, then nothing happens other than a temporary freeze-up (and maybe an alert dialog to tell the user that it froze up, and maybe a timeout period after which the terminal forgets it had a connection); after EROS is back up the connection could resume without further intervention.

If the client crashes, then there needs to be a separate mechanism anyway. I would guess that the client would hold some kind of "capability" in non-volatile storage of some kind, which enables it to connect to the EROS server. Perhaps an IP address, port and public/private keys. When it's powered up it connects and would have to request a whole-screen repaint (or equivalent) wouldn't it? I'm assuming the terminals are non-EROS systems and thus haven't gone to as great lengths to automatically persist whatever information that they have. Does that introduce security holes also?

If you use one of those crypto smart-cards for authentication, then you could at least ensure the private key used to encrypt the channel used while trying to log in would be very hard to hijack. They're usually designed so that only the card can ever know the private key; attempts to tamper with it will cause the key to be erased. I suppose you could get the smart card to do all the encrypting and decrypting of all the GUI data going across too, but it might be too slow. Maybe the EROS server could make up a random, temporary key pair, use the authentication session to forward it to the client, and then after that it uses the new key for that session only.

-- 
  _______                   Shawn T. Rutledge / KB7PWD  ecloud@bigfoot.com
 (_  | |_)          http://www.bigfoot.com/~ecloud  kb7pwd@kb7pwd.ampr.org
 __) | | \________________________________________________________________
Get money for spare CPU cycles at http://www.ProcessTree.com/?sponsor=5903

[ Next ]

In reply to: Jonathan S. Shapiro