xserver: Branch 'master' - 3 commits
Eamon Walsh
ewalsh at kemper.freedesktop.org
Thu Apr 16 20:46:11 PDT 2009
Xext/security.c | 42 +++++++++++++++++++++++++-----------------
1 file changed, 25 insertions(+), 17 deletions(-)
New commits:
commit 4559d2ace6ac55fe361f572ded0769cdd1f3b545
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Apr 16 22:48:11 2009 -0400
security: Grant untrusted windows remove access on all windows.
This allows untrusted clients to destroy their own windows when they
have been reparented by a trusted window manager.
diff --git a/Xext/security.c b/Xext/security.c
index f1e0bb1..7962fdb 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -74,6 +74,7 @@ static char *SecurityTrustedExtensions[] = {
static const Mask SecurityResourceMask =
DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
DixGetPropAccess | DixListAccess;
+static const Mask SecurityWindowExtraMask = DixRemoveAccess;
static const Mask SecurityRootWindowExtraMask =
DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
static const Mask SecurityDeviceMask =
@@ -817,6 +818,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
((WindowPtr)rec->res)->forcedBG = TRUE;
+ /* additional permissions for specific resource types */
+ if (rec->rtype == RT_WINDOW)
+ allowed |= SecurityWindowExtraMask;
+
/* special checks for server-owned resources */
if (cid == 0) {
if (rec->rtype & RC_DRAWABLE)
commit 3481b32ab971c41cb972f6819ae049f3e9f7033b
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Apr 16 22:39:54 2009 -0400
security: Fix a crash caused by wrong ordering of format arguments.
diff --git a/Xext/security.c b/Xext/security.c
index 0cbb7e3..f1e0bb1 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -948,9 +948,10 @@ SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SecurityAudit("Security: denied client %d from sending event "
"of type %s to window 0x%x of client %d\n",
- rec->client->index, rec->pWin->drawable.id,
- wClient(rec->pWin)->index,
- LookupEventName(rec->events[i].u.u.type));
+ rec->client->index,
+ LookupEventName(rec->events[i].u.u.type),
+ rec->pWin->drawable.id,
+ wClient(rec->pWin)->index);
rec->status = BadAccess;
return;
}
commit 6045506be0cebca4ebbe943ae77f020aafa703d4
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date: Thu Apr 16 22:33:12 2009 -0400
security: Revert behavior of extension access for compatibility.
Previously, three extensions were defined as "trusted" by the extension:
BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted
to be used by untrusted clients.
In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for
some reason. Return to the old, compatible behavior.
diff --git a/Xext/security.c b/Xext/security.c
index c9077c8..0cbb7e3 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -61,10 +61,10 @@ typedef struct {
} SecurityStateRec;
/* Extensions that untrusted clients shouldn't have access to */
-static char *SecurityUntrustedExtensions[] = {
- "RandR",
- "SECURITY",
- "XFree86-DGA",
+static char *SecurityTrustedExtensions[] = {
+ "XC-MISC",
+ "BIG-REQUESTS",
+ "XpExtension",
NULL
};
@@ -852,16 +852,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
- if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
- while (SecurityUntrustedExtensions[i])
- if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) {
- SecurityAudit("Security: denied client %d access to extension "
- "%s on request %s\n",
- rec->client->index, rec->ext->name,
- SecurityLookupRequestName(rec->client));
- rec->status = BadAccess;
- return;
- }
+ if (subj->haveState && subj->trustLevel == XSecurityClientTrusted)
+ return;
+
+ while (SecurityTrustedExtensions[i])
+ if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name))
+ return;
+
+ SecurityAudit("Security: denied client %d access to extension "
+ "%s on request %s\n",
+ rec->client->index, rec->ext->name,
+ SecurityLookupRequestName(rec->client));
+ rec->status = BadAccess;
}
static void
More information about the xorg-commit
mailing list