Merge commit 'origin/server-1.5-branch' into xorg-server-1.5-apple

Jeremy Huddleston 2009-04-22 19:29:29 -07:00
commit ac67b4fcf6


@ -60,10 +60,10 @@ typedef struct {
} SecurityStateRec; } SecurityStateRec;
/* Extensions that untrusted clients shouldn't have access to */ /* Extensions that untrusted clients shouldn't have access to */
static char *SecurityUntrustedExtensions[] = { static char *SecurityTrustedExtensions[] = {
"RandR", "XC-MISC",
"SECURITY", "BIG-REQUESTS",
"XFree86-DGA", "XpExtension",
NULL NULL
}; };
@ -73,6 +73,7 @@ static char *SecurityUntrustedExtensions[] = {
static const Mask SecurityResourceMask = static const Mask SecurityResourceMask =
DixGetAttrAccess | DixReceiveAccess | DixListPropAccess | DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
DixGetPropAccess | DixListAccess; DixGetPropAccess | DixListAccess;
static const Mask SecurityWindowExtraMask = DixRemoveAccess;
static const Mask SecurityRootWindowExtraMask = static const Mask SecurityRootWindowExtraMask =
DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess; DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
static const Mask SecurityDeviceMask = static const Mask SecurityDeviceMask =
@ -816,6 +817,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
((WindowPtr)rec->res)->forcedBG = TRUE; ((WindowPtr)rec->res)->forcedBG = TRUE;
/* additional permissions for specific resource types */
if (rec->rtype == RT_WINDOW)
allowed |= SecurityWindowExtraMask;
/* special checks for server-owned resources */ /* special checks for server-owned resources */
if (cid == 0) { if (cid == 0) {
if (rec->rtype & RC_DRAWABLE) if (rec->rtype & RC_DRAWABLE)
@ -851,16 +856,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata)
subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); subj = dixLookupPrivate(&rec->client->devPrivates, stateKey);
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) if (subj->haveState && subj->trustLevel == XSecurityClientTrusted)
while (SecurityUntrustedExtensions[i]) return;
if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) {
SecurityAudit("Security: denied client %d access to extension " while (SecurityTrustedExtensions[i])
"%s on request %s\n", if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name))
rec->client->index, rec->ext->name, return;
SecurityLookupRequestName(rec->client));
rec->status = BadAccess; SecurityAudit("Security: denied client %d access to extension "
return; "%s on request %s\n",
} rec->client->index, rec->ext->name,
SecurityLookupRequestName(rec->client));
rec->status = BadAccess;
} }
static void static void
@ -945,9 +952,10 @@ SecuritySend(CallbackListPtr *pcbl, pointer unused, pointer calldata)
SecurityAudit("Security: denied client %d from sending event " SecurityAudit("Security: denied client %d from sending event "
"of type %s to window 0x%x of client %d\n", "of type %s to window 0x%x of client %d\n",
rec->client->index, rec->pWin->drawable.id, rec->client->index,
wClient(rec->pWin)->index, LookupEventName(rec->events[i].u.u.type),
LookupEventName(rec->events[i].u.u.type)); rec->pWin->drawable.id,
wClient(rec->pWin)->index);
rec->status = BadAccess; rec->status = BadAccess;
return; return;
} }
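Review bot: The comment above `SecurityTrustedExtensions` still reads "Extensions that untrusted clients shouldn't have access to", which is now the opposite of what the array means, because `SecurityExtension` returns early for any name found in it and denies everything else. I would change it to `/* Extensions that untrusted clients are allowed to use; every other extension is denied */`. The inverted test in `SecurityExtension` also changes what happens to a client whose `haveState` is false: the old condition skipped the check for such a client, while the new one sends it through the allow-list and on to `BadAccess` for any unlisted extension. If that fail-closed behaviour is intended, a one-line comment at the `trustLevel == XSecurityClientTrusted` test would record it. The opening lines of the function, including the initialisation of `i`, are outside the hunk.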