forked from pool/xorg-x11-server
39 lines
1.5 KiB
Diff
39 lines
1.5 KiB
Diff
From 11db545a86c8933c638a0bc1fcd4f2c65279f617 Mon Sep 17 00:00:00 2001
|
|
From: Eamon Walsh <ewalsh@tycho.nsa.gov>
|
|
Date: Thu, 16 Apr 2009 22:48:11 -0400
|
|
Subject: security: Grant untrusted windows remove access on all windows.
|
|
|
|
This allows untrusted clients to destroy their own windows when they
|
|
have been reparented by a trusted window manager.
|
|
(cherry picked from commit 4559d2ace6ac55fe361f572ded0769cdd1f3b545)
|
|
---
|
|
Xext/security.c | 5 +++++
|
|
1 files changed, 5 insertions(+), 0 deletions(-)
|
|
|
|
diff --git a/Xext/security.c b/Xext/security.c
|
|
index e660cc8..b9f411e 100644
|
|
--- a/Xext/security.c
|
|
+++ b/Xext/security.c
|
|
@@ -74,6 +74,7 @@ static char *SecurityTrustedExtensions[] = {
|
|
static const Mask SecurityResourceMask =
|
|
DixGetAttrAccess | DixReceiveAccess | DixListPropAccess |
|
|
DixGetPropAccess | DixListAccess;
|
|
+static const Mask SecurityWindowExtraMask = DixRemoveAccess;
|
|
static const Mask SecurityRootWindowExtraMask =
|
|
DixReceiveAccess | DixSendAccess | DixAddAccess | DixRemoveAccess;
|
|
static const Mask SecurityDeviceMask =
|
|
@@ -817,6 +818,10 @@ SecurityResource(CallbackListPtr *pcbl, pointer unused, pointer calldata)
|
|
if (subj->haveState && subj->trustLevel != XSecurityClientTrusted)
|
|
((WindowPtr)rec->res)->forcedBG = TRUE;
|
|
|
|
+ /* additional permissions for specific resource types */
|
|
+ if (rec->rtype == RT_WINDOW)
|
|
+ allowed |= SecurityWindowExtraMask;
|
|
+
|
|
/* special checks for server-owned resources */
|
|
if (cid == 0) {
|
|
if (rec->rtype & RC_DRAWABLE)
|
|
--
|
|
1.6.1.3
|
|
|