FixesSelectSelectionInput
Michel Dänzer
michel at daenzer.net
Mon Jul 1 14:45:22 UTC 2024
On 2024-06-30 09:30, Po Lu wrote:
> A recent "security fix" in ProcXFixesSelectSelectionInput hamstrings
> this request in the event that no ownership has yet been asserted over
> the selection.
>
> The proximate cause is thus: dixLookupSelection returns error
> indications when no selection data exists, which case is identified by
> &selection remaining unaltered, but is erroneously interpreted as an
> access control denial, with the important consequence that gnome-shell
> crashes on startup having received a BadMatch.
>
> I don't believe it's possible to control access to still-nonexistent
> selections through XACE.
See:
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1556#note_2466012
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1573
https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1574
> diff --git a/xfixes/select.c b/xfixes/select.c
> index 660eed210..11ddc4939 100644
> --- a/xfixes/select.c
> +++ b/xfixes/select.c
> @@ -128,7 +128,9 @@ XFixesSelectSelectionInput(ClientPtr pClient,
> Selection *selection;
>
> rc = dixLookupSelection(&selection, selection_name, pClient, DixGetAttrAccess);
> - if (rc != Success)
> + if (rc != Success
> + /* Selection exists, but access control handlers were triggered. */
> + && selection)
> return rc;
>
> for (prev = &selectionEvents; (e = *prev); prev = &e->next) {
AFAICT this would end up creating a struct _SelectionEvent with member selection=NULL, which would later match for any non-existing selection_name. I doubt that works as intended.
--
Earthling Michel Dänzer | https://redhat.com
Libre software enthusiast | Mesa and Xwayland developer
More information about the xorg-devel
mailing list