xserver: Branch 'server-1.5-branch' - 3 commits

Eamon Walsh ewalsh at kemper.freedesktop.org
Thu Apr 16 20:50:37 PDT 2009 

 Xext/security.c |   42 +++++++++++++++++++++++++-----------------
 1 file changed, 25 insertions(+), 17 deletions(-)

New commits:
commit e1edd9e6689ea614167294a4f0eaa93c06f570fb
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Apr 16 22:48:11 2009 -0400

    security: Grant untrusted windows remove access on all windows.
    
    This allows untrusted clients to destroy their own windows when they
    have been reparented by a trusted window manager.
    (cherry picked from commit 4559d2ace6ac55fe361f572ded0769cdd1f3b545)

diff --git a/Xext/security.c b/Xext/security.c
index d185ee3..e65fc8d 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -76,6 +76,7 @@ static char *SecurityTrustedExtensions[] = {
 static const Mask SecurityResourceMask =
     DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
     DixGetPropAccess | DixListAccess;
+static const Mask SecurityWindowExtraMask = DixRemoveAccess;
 static const Mask SecurityRootWindowExtraMask =
     DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
 static const Mask SecurityDeviceMask =
@@ -819,6 +820,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 	if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
 	    ((WindowPtr)rec->res)->forcedBG = TRUE;
 
+    /* additional permissions for specific resource types */
+    if (rec->rtype == RT_WINDOW)
+	allowed |= SecurityWindowExtraMask;
+
     /* special checks for server-owned resources */
     if (cid == 0) {
 	if (rec->rtype & RC_DRAWABLE)
commit a26ae2c63d73b6f8cfb9757c4db451bc68e6a947
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Apr 16 22:39:54 2009 -0400

    security: Fix a crash caused by wrong ordering of format arguments.
    (cherry picked from commit 3481b32ab971c41cb972f6819ae049f3e9f7033b)

diff --git a/Xext/security.c b/Xext/security.c
index 99f4e56..d185ee3 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -955,9 +955,10 @@ SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
 		SecurityAudit("Security: denied client %d from sending event "
 			      "of type %s to window 0x%x of client %d\n",
-			      rec->client->index, rec->pWin->drawable.id,
-			      wClient(rec->pWin)->index,
-			      LookupEventName(rec->events[i].u.u.type));
+			      rec->client->index,
+			      LookupEventName(rec->events[i].u.u.type),
+			      rec->pWin->drawable.id,
+			      wClient(rec->pWin)->index);
 		rec->status = BadAccess;
 		return;
 	    }
commit 62aa06d499bd2dbcdf04a8bd9c0556b54333bc31
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Thu Apr 16 22:33:12 2009 -0400

    security: Revert behavior of extension access for compatibility.
    
    Previously, three extensions were defined as "trusted" by the extension:
    BIG-REQUESTS, XC-MISC, and XPrint.  No other extensions were permitted
    to be used by untrusted clients.
    
    In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for
    some reason.  Return to the old, compatible behavior.
    (cherry picked from commit 6045506be0cebca4ebbe943ae77f020aafa703d4)

diff --git a/Xext/security.c b/Xext/security.c
index ad30e06..99f4e56 100644
--- a/Xext/security.c
+++ b/Xext/security.c
@@ -63,10 +63,10 @@ typedef struct {
 } SecurityStateRec;
 
 /* Extensions that untrusted clients shouldn't have access to */
-static char *SecurityUntrustedExtensions[] = {
-    "RandR",
-    "SECURITY",
-    "XFree86-DGA",
+static char *SecurityTrustedExtensions[] = {
+    "XC-MISC",
+    "BIG-REQUESTS",
+    "XpExtension",
     NULL
 };
 
@@ -859,16 +859,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
 
     subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
 
-    if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
-	while (SecurityUntrustedExtensions[i])
-	    if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) {
-		SecurityAudit("Security: denied client %d access to extension "
-			      "%s on request %s\n",
-			      rec->client->index, rec->ext->name,
-			      SecurityLookupRequestName(rec->client));
-		rec->status = BadAccess;
-		return;
-	    }
+    if (subj->haveState && subj->trustLevel == XSecurityClientTrusted)
+	return;
+
+    while (SecurityTrustedExtensions[i])
+	if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name))
+	    return;
+
+    SecurityAudit("Security: denied client %d access to extension "
+		  "%s on request %s\n",
+		  rec->client->index, rec->ext->name,
+		  SecurityLookupRequestName(rec->client));
+    rec->status = BadAccess;
 }
 
 static void

More information about the xorg-commit mailing list