[PATCH SECURITY] XKB: Workaround for CVE-2012-0064: Stop calling UngrabAllDevices().

Cyril Brulebois kibi at debian.org
Thu Jan 19 02:20:52 PST 2012

The introduction of XKB debugging functions in the following commit:
| commit 7d2543a3cb3089241982ce4f8984fd723d5312a1
| Author: Daniel Stone <daniel at fooishbar.org>
| Date:   Wed Dec 29 12:03:01 2010 +0000
|     XKB: Add debug key actions for grabs & window tree

leads to the ability of bypassing X screen locking programs with key
combinations like: Ctrl+Alt+KP_Multiply (Multiply key on the numpad).

As a quick workaround, stop calling UngrabAllDevices().

On a side note, it doesn't seem to care much about its kill_client
parameter, which is only used to decide which message should be

This is a candidate for the 1.11 branch.

Signed-off-by: Cyril Brulebois <kibi at debian.org>
 hw/xfree86/dixmods/xkbPrivate.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

FWIW in Debian, I chose to revert the commit entirely until the proper
course of action is discussed here. I checked this patch on top of though.

In Cc, Daniel and Peter for their tags on the commit, and Jeremy for
an advanced notice for 1.11.

diff --git a/hw/xfree86/dixmods/xkbPrivate.c b/hw/xfree86/dixmods/xkbPrivate.c
index 06d1c2b..c6e75c5 100644
--- a/hw/xfree86/dixmods/xkbPrivate.c
+++ b/hw/xfree86/dixmods/xkbPrivate.c
@@ -38,10 +38,12 @@ XkbDDXPrivate(DeviceIntPtr dev,KeyCode key,XkbAction *act)
             xf86Msg(X_INFO, "End list of active device grabs\n");
+#if 0
         else if (strcasecmp(msgbuf, "ungrab")==0)
         else if (strcasecmp(msgbuf, "clsgrb")==0)
         else if (strcasecmp(msgbuf, "prwins")==0)

More information about the xorg-devel mailing list