From d80ec479f17bf0931b9332b4f3959c19ec62aba1 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Thu, 23 Apr 2015 14:10:23 -0400
Subject: [PATCH 1/3] xwayland: Enable access control on open sockets
[CVE-2015-3164 1/3]
Xwayland currently allows wide-open access to the X sockets
it listens on, ignoring Xauth access control.
This commit makes sure to enable access control on the sockets,
so one user can't snoop on another user's X-over-wayland
applications.
Signed-off-by: Ray Strode <rstrode@redhat.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
hw/xwayland/xwayland.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
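diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index 7e8d667..c5bee77 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -456,61 +456,61 @@ block_handler(void *data, struct timeval **tv, void *read_mask)
 FatalError("failed to dispatch Wayland events: %s\n",
 strerror(errno));
 }
 
 xwl_screen->prepare_read = 1;
 
 ret = wl_display_flush(xwl_screen->display);
 if (ret == -1)
 FatalError("failed to write to XWayland fd: %s\n", strerror(errno));
 }
 
 static CARD32
 add_client_fd(OsTimerPtr timer, CARD32 time, void *arg)
 {
 struct xwl_screen *xwl_screen = arg;
 
 if (!AddClientOnOpenFD(xwl_screen->wm_fd))
 FatalError("Failed to add wm client\n");
 
 TimerFree(timer);
 
 return 0;
 }
 
 static void
 listen_on_fds(struct xwl_screen *xwl_screen)
 {
 int i;
 
 for (i = 0; i < xwl_screen->listen_fd_count; i++)
- ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
+ ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
 }
 
 static void
 wm_selection_callback(CallbackListPtr *p, void *data, void *arg)
 {
 SelectionInfoRec *info = arg;
 struct xwl_screen *xwl_screen = data;
 static const char atom_name[] = "WM_S0";
 static Atom atom_wm_s0;
 
 if (atom_wm_s0 == None)
 atom_wm_s0 = MakeAtom(atom_name, strlen(atom_name), TRUE);
 if (info->selection->selection != atom_wm_s0 ||
 info->kind != SelectionSetOwner)
 return;
 
 listen_on_fds(xwl_screen);
 
 DeleteCallback(&SelectionCallback, wm_selection_callback, xwl_screen);
 }
 
 static Bool
 xwl_screen_init(ScreenPtr pScreen, int argc, char **argv)
 {
 struct xwl_screen *xwl_screen;
 Pixel red_mask, blue_mask, green_mask;
 int ret, bpc, green_bpc, i;
 
 xwl_screen = calloc(sizeof *xwl_screen, 1);
 if (xwl_screen == NULL)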
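Review bot: The bare `FALSE` passed to `ListenOnOpenFD()` in `listen_on_fds()` is the entire fix, yet nothing at the call site says what it controls. The second argument appears to be the server's "skip Xauth" flag (hedged, since the prototype is not shown on this page), so flipping it back would silently reopen the sockets to every local user. I would add a comment above the call such as `/* FALSE: do not bypass Xauth; other local users must not be able to connect */`. With access control now enforced, a client that presents no cookie is presumably refused unless a later patch in this 1/3 series supplies a default policy, so the series should be applied and tested as a unit. A useful check is that the session owner can still connect while a second local account cannot.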
--
2.3.7