From d80ec479f17bf0931b9332b4f3959c19ec62aba1 Mon Sep 17 00:00:00 2001
From: Ray Strode
Date: Thu, 23 Apr 2015 14:10:23 -0400
Subject: [PATCH 1/3] xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]

Xwayland currently allows wide-open access to the X sockets it listens on, ignoring Xauth access control. This commit makes sure to enable access control on the sockets, so one user can't snoop on another user's X-over-wayland applications.

Signed-off-by: Ray Strode
Reviewed-by: Daniel Stone
Reviewed-by: Alan Coopersmith
---
 hw/xwayland/xwayland.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index 7e8d667..c5bee77 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -456,61 +456,61 @@ block_handler(void *data, struct timeval **tv, void *read_mask)
 FatalError("failed to dispatch Wayland events: %s\n", strerror(errno)); } xwl_screen->prepare_read = 1; ret = wl_display_flush(xwl_screen->display); if (ret == -1) FatalError("failed to write to XWayland fd: %s\n", strerror(errno)); } static CARD32 add_client_fd(OsTimerPtr timer, CARD32 time, void *arg) { struct xwl_screen *xwl_screen = arg; if (!AddClientOnOpenFD(xwl_screen->wm_fd)) FatalError("Failed to add wm client\n"); TimerFree(timer); return 0; } static void listen_on_fds(struct xwl_screen *xwl_screen) { int i; for (i = 0; i < xwl_screen->listen_fd_count; i++)
- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
 } static void wm_selection_callback(CallbackListPtr *p, void *data, void *arg) { SelectionInfoRec *info = arg; struct xwl_screen *xwl_screen = data; static const char atom_name[] = "WM_S0"; static Atom atom_wm_s0; if (atom_wm_s0 == None) atom_wm_s0 = MakeAtom(atom_name, strlen(atom_name), TRUE); if (info->selection->selection != atom_wm_s0 || info->kind != SelectionSetOwner) return; listen_on_fds(xwl_screen); DeleteCallback(&SelectionCallback, wm_selection_callback, xwl_screen); } static Bool xwl_screen_init(ScreenPtr pScreen, int argc, char **argv) { struct xwl_screen *xwl_screen; Pixel red_mask, blue_mask, green_mask; int ret, bpc, green_bpc, i; xwl_screen = calloc(sizeof *xwl_screen, 1); if (xwl_screen == NULL)
-- 
2.3.7
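Review bot: The bare `FALSE` passed to `ListenOnOpenFD` in `listen_on_fds` is the entire security fix, yet nothing at the call site says what the flag means, and a wrong boolean here is exactly what left the sockets open. I would add a comment above the call such as `/* noxauth = FALSE: connections on these sockets must pass Xauth/host access control */` so a later cleanup does not flip it back. The hunk does not show what the server does when no auth file is supplied. As this is patch 1 of 3, presumably the rest of the series covers that case, but it is worth confirming the fallback is neither permissive nor a lock-out of the session's own user. `listen_on_fds` is complete within the hunk, while `xwl_screen_init` at its end is cut off.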