xwayland: Enable access control on open sockets [CVE-2015-3164 1/3]

Xwayland currently allows wide-open access to the X sockets it listens on, ignoring Xauth access control. This commit makes sure to enable access control on the sockets, so one user can't snoop on another user's X-over-wayland applications. Signed-off-by: Ray Strode <rstrode@redhat.com> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Keith Packard <keithp@keithp.com>
author: Ray Strode <rstrode@redhat.com> 2015-05-05 16:43:42 -0400
committer: Keith Packard <keithp@keithp.com> 2015-05-26 11:22:17 -0700
commit: c4534a38b68aa07fb82318040dc8154fb48a9588 (patch)
tree: 0abdebb42f6ce62eba734625b36bba7969045ea2
parent: ad02d0df75318660c3f7cd6063eac409327fe560 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/hw/xwayland/xwayland.c b/hw/xwayland/xwayland.c
index 7e8d667d6..c5bee77d8 100644
--- a/hw/xwayland/xwayland.c
+++ b/hw/xwayland/xwayland.c
@@ -483,7 +483,7 @@ listen_on_fds(struct xwl_screen *xwl_screen)
     int i;
 
     for (i = 0; i < xwl_screen->listen_fd_count; i++)
-        ListenOnOpenFD(xwl_screen->listen_fds[i], TRUE);
+        ListenOnOpenFD(xwl_screen->listen_fds[i], FALSE);
 }
 
 static void
author	Ray Strode <rstrode@redhat.com>	2015-05-05 16:43:42 -0400
committer	Keith Packard <keithp@keithp.com>	2015-05-26 11:22:17 -0700
commit	c4534a38b68aa07fb82318040dc8154fb48a9588 (patch)
tree	0abdebb42f6ce62eba734625b36bba7969045ea2
parent	ad02d0df75318660c3f7cd6063eac409327fe560 (diff)