xserver: Branch 'server-1.6-branch' - 3 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Thu Apr 16 20:49:36 PDT 2009 

 Xext/security.c |   42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)

New commits:
commit 11db545a86c8933c638a0bc1fcd4f2c65279f617
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Apr 16 22:48:11 2009 -0400

    security: Grant untrusted windows remove access on all windows.
    
    This allows untrusted clients to destroy their own windows when they
    have been reparented by a trusted window manager.
    (cherry picked from commit 4559d2ace6ac55fe361f572ded0769cdd1f3b545)

diff --git a/Xext/security.c b/Xext/security.c
index e660cc8..b9f411e 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -74,6 +74,7 @@ static char *SecurityTrustedExtensions[] = {
 static const Mask SecurityResourceMask =
     DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
     DixGetPropAccess | DixListAccess;
+static const Mask SecurityWindowExtraMask = DixRemoveAccess;
 static const Mask SecurityRootWindowExtraMask =
     DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
 static const Mask SecurityDeviceMask =
@@ -817,6 +818,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
 	    ((WindowPtr)rec->res)->forcedBG = TRUE;
 
+    /* additional permissions for specific resource types */
+    if (rec->rtype == RT_WINDOW)
+	allowed |= SecurityWindowExtraMask;
+
     /* special checks for server-owned resources */
     if (cid == 0) {
 	if (rec->rtype & RC_DRAWABLE)
commit 5d48f288eccb57dfe1751946c9d60dbd3ac0129a
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Apr 16 22:39:54 2009 -0400

    security: Fix a crash caused by wrong ordering of format arguments.
    (cherry picked from commit 3481b32ab971c41cb972f6819ae049f3e9f7033b)

diff --git a/Xext/security.c b/Xext/security.c
index 4b34bb0..e660cc8 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -948,9 +948,10 @@ SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
 		SecurityAudit("Security: denied client %d from sending event "
 			      "of type %s to window 0x%x of client %d\n",
-			      rec->client->index, rec->pWin->drawable.id,
-			      wClient(rec->pWin)->index,
-			      LookupEventName(rec->events[i].u.u.type));
+			      rec->client->index,
+			      LookupEventName(rec->events[i].u.u.type),
+			      rec->pWin->drawable.id,
+			      wClient(rec->pWin)->index);
 		rec->status = BadAccess;
 		return;
 	    }
commit 93e0a648138e569087fc6e07c1a28abfa92a4dde
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Apr 16 22:33:12 2009 -0400

    security: Revert behavior of extension access for compatibility.
    
    Previously, three extensions were defined as "trusted" by the extension:
    BIG-REQUESTS, XC-MISC, and XPrint.  No other extensions were permitted
    to be used by untrusted clients.
    
    In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for
    some reason.  Return to the old, compatible behavior.
    (cherry picked from commit 6045506be0cebca4ebbe943ae77f020aafa703d4)

diff --git a/Xext/security.c b/Xext/security.c
index e379063..4b34bb0 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -61,10 +61,10 @@ typedef struct {
 } SecurityStateRec;
 
 /* Extensions that untrusted clients shouldn't have access to */
-static char *SecurityUntrustedExtensions[] = {
-    "RandR",
-    "SECURITY",
-    "XFree86-DGA",
+static char *SecurityTrustedExtensions[] = {
+    "XC-MISC",
+    "BIG-REQUESTS",
+    "XpExtension",
     NULL
 };
 
@@ -852,16 +852,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
     subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
 
-    if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
-	while (SecurityUntrustedExtensions[i])
-	    if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) {
-		SecurityAudit("Security: denied client %d access to extension "
-			      "%s on request %s\n",
-			      rec->client->index, rec->ext->name,
-			      SecurityLookupRequestName(rec->client));
-		rec->status = BadAccess;
-		return;
-	    }
+    if (subj->haveState && subj->trustLevel == XSecurityClientTrusted)
+	return;
+
+    while (SecurityTrustedExtensions[i])
+	if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name))
+	    return;
+
+    SecurityAudit("Security: denied client %d access to extension "
+		  "%s on request %s\n",
+		  rec->client->index, rec->ext->name,
+		  SecurityLookupRequestName(rec->client));
+    rec->status = BadAccess;
 }
 
 static void

More information about the xorg-commit mailing list