forked from pool/xorg-x11-server
bc8b5dc1a8
- U_os-support-new-implicit-local-user-access-mode.patch, U_xwayland-default-to-local-user-if-no-xauth-file-given.patch, U_xwayland-enable-access-control-on-open-socket.patch * Prevent unauthorized local access. (bnc#934102, CVE-2015-3164) OBS-URL: https://build.opensuse.org/request/show/311799 OBS-URL: https://build.opensuse.org/package/show/X11:XOrg/xorg-x11-server?expand=0&rev=575
33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
Subject: xwayland: default to local user if no xauth file given.
|
|
Author: Ray Strode <rstrode@redhat.com>
|
|
Path-mainline: Upstream
|
|
Git-commit: 76636ac12f2d1dbdf7be08222f80e7505d53c451
|
|
References: bnc#934102 CVE-2015-3164
|
|
Signed-off-by: Michal Srb <msrb@suse.com>
|
|
|
|
Right now if "-auth" isn't passed on the command line, we let
|
|
any user on the system connect to the Xwayland server.
|
|
|
|
That's clearly suboptimal, given Xwayland is generally designed
|
|
to be used by one user at a time.
|
|
|
|
This commit changes the behavior, so only the user who started the
|
|
X server can connect clients to it.
|
|
|
|
Signed-off-by: Ray Strode <rstrode@redhat.com>
|
|
Reviewed-by: Daniel Stone <daniels@collabora.com>
|
|
Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
|
|
Signed-off-by: Keith Packard <keithp@keithp.com>
|
|
|
|
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
|
|
index c5bee77..bc92beb 100644
|
|
--- a/hw/xwayland/xwayland.c
|
|
+++ b/hw/xwayland/xwayland.c
|
|
@@ -702,4 +702,6 @@ InitOutput(ScreenInfo * screen_info, int argc, char **argv)
|
|
if (AddScreen(xwl_screen_init, argc, argv) == -1) {
|
|
FatalError("Couldn't add screen\n");
|
|
}
|
|
+
|
|
+ LocalAccessScopeUser();
|
|
}
|