diff options
author | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2009-04-16 22:33:12 -0400 |
---|---|---|
committer | Eamon Walsh <ewalsh@tycho.nsa.gov> | 2009-04-16 23:49:58 -0400 |
commit | 62aa06d499bd2dbcdf04a8bd9c0556b54333bc31 (patch) | |
tree | e473833831e165f1f73275eb06911ad880cfab42 | |
parent | 4970d757a7364c1d2fb4db4e404e88e8ad989ddb (diff) |
security: Revert behavior of extension access for compatibility.
Previously, three extensions were defined as "trusted" by the extension:
BIG-REQUESTS, XC-MISC, and XPrint. No other extensions were permitted
to be used by untrusted clients.
In commit 8b5d21cc1d1f4e9d20e5d5eca44cb1e60a419763 this was changed for
some reason. Return to the old, compatible behavior.
(cherry picked from commit 6045506be0cebca4ebbe943ae77f020aafa703d4)
-rw-r--r-- | Xext/security.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/Xext/security.c b/Xext/security.c index ad30e06b8..99f4e5610 100644 --- a/Xext/security.c +++ b/Xext/security.c @@ -63,10 +63,10 @@ typedef struct { } SecurityStateRec; /* Extensions that untrusted clients shouldn't have access to */ -static char *SecurityUntrustedExtensions[] = { - "RandR", - "SECURITY", - "XFree86-DGA", +static char *SecurityTrustedExtensions[] = { + "XC-MISC", + "BIG-REQUESTS", + "XpExtension", NULL }; @@ -859,16 +859,18 @@ SecurityExtension(CallbackListPtr *pcbl, pointer unused, pointer calldata) subj = dixLookupPrivate(&rec->client->devPrivates, stateKey); - if (subj->haveState && subj->trustLevel != XSecurityClientTrusted) - while (SecurityUntrustedExtensions[i]) - if (!strcmp(SecurityUntrustedExtensions[i++], rec->ext->name)) { - SecurityAudit("Security: denied client %d access to extension " - "%s on request %s\n", - rec->client->index, rec->ext->name, - SecurityLookupRequestName(rec->client)); - rec->status = BadAccess; - return; - } + if (subj->haveState && subj->trustLevel == XSecurityClientTrusted) + return; + + while (SecurityTrustedExtensions[i]) + if (!strcmp(SecurityTrustedExtensions[i++], rec->ext->name)) + return; + + SecurityAudit("Security: denied client %d access to extension " + "%s on request %s\n", + rec->client->index, rec->ext->name, + SecurityLookupRequestName(rec->client)); + rec->status = BadAccess; } static void |