diff options
| author | Eric Anholt <eric@anholt.net> | 2014-04-21 17:03:07 -0700 |
|---|---|---|
| committer | Eric Anholt <eric@anholt.net> | 2014-04-22 13:19:40 -0700 |
| commit | f2f0fbdb99076941602f1abf572d65a019d9f6f2 (patch) | |
| tree | 8b5ada98cead24ec7fd41c8755a2a35b8bc30835 | |
| parent | 21dbfd5c19e9bcf6e13e1ddd0753ee110fee60f6 (diff) | |
Add a command line argument for disabling indirect GLX.glx-arg
The attack surface for indirect GLX is huge, and it's of no use to
most people (if you get an indirect GL context, you're better served
by a immediate X error than actually trying to use an indirect GL
context and finding out that it doesn't support doing anything you
want, slowly). This flag gives you a chance to disable indirect GLX
in environments where you just don't need it.
I put in both the '+' and '-' arguments right now, so that it's easy
to patch the value to change the default policy.
Signed-off-by: Eric Anholt <eric@anholt.net>
Acked-by: Julien Cristau <jcristau@debian.org>
| -rw-r--r-- | glx/glxcmds.c | 10 | ||||
| -rw-r--r-- | include/opaque.h | 1 | ||||
| -rw-r--r-- | os/utils.c | 8 |
3 files changed, 19 insertions, 0 deletions
diff --git a/glx/glxcmds.c b/glx/glxcmds.c index 187e42665..ded7aca58 100644 --- a/glx/glxcmds.c +++ b/glx/glxcmds.c @@ -232,6 +232,16 @@ DoCreateContext(__GLXclientState * cl, GLXContextID gcId, LEGAL_NEW_RESOURCE(gcId, client); + /* Only allow creating indirect GLX contexts if allowed by server + * command line. Indirect GLX is of limited use (since it's only + * GL 1.4), it's slower than direct contexts, and it's a massive + * attack surface for buffer overflow type errors. + */ + if (!enableIndirectGLX && !isDirect) { + client->errorValue = isDirect; + return BadMatch; + } + /* ** Find the display list space that we want to share. ** diff --git a/include/opaque.h b/include/opaque.h index 6b8071c5b..a2c54aa6a 100644 --- a/include/opaque.h +++ b/include/opaque.h @@ -56,6 +56,7 @@ extern _X_EXPORT Bool explicit_display; extern _X_EXPORT int defaultBackingStore; extern _X_EXPORT Bool disableBackingStore; extern _X_EXPORT Bool enableBackingStore; +extern _X_EXPORT Bool enableIndirectGLX; extern _X_EXPORT Bool PartialNetwork; extern _X_EXPORT Bool RunFromSigStopParent; diff --git a/os/utils.c b/os/utils.c index 83d85cdda..bc5e7df4d 100644 --- a/os/utils.c +++ b/os/utils.c @@ -194,6 +194,8 @@ Bool noGEExtension = FALSE; Bool CoreDump; +Bool enableIndirectGLX = TRUE; + #ifdef PANORAMIX Bool PanoramiXExtensionDisabledHack = FALSE; #endif @@ -538,6 +540,8 @@ UseMsg(void) ErrorF("-fn string default font name\n"); ErrorF("-fp string default font path\n"); ErrorF("-help prints message with these options\n"); + ErrorF("+iglx Allow creating indirect GLX contexts (default)\n"); + ErrorF("-iglx Prohibit creating indirect GLX contexts\n"); ErrorF("-I ignore all remaining arguments\n"); #ifdef RLIMIT_DATA ErrorF("-ld int limit data space to N Kb\n"); @@ -784,6 +788,10 @@ ProcessCommandLine(int argc, char *argv[]) UseMsg(); exit(0); } + else if (strcmp(argv[i], "+iglx") == 0) + enableIndirectGLX = TRUE; + else if (strcmp(argv[i], "-iglx") == 0) + enableIndirectGLX = FALSE; else if ((skip = XkbProcessArguments(argc, argv, i)) != 0) { if (skip > 0) i += skip - 1; |